Dear Ms. O’Brien:

Records responsive to your request were previously processed under the provisions of the Freedom 
of Information Act. Enclosed is one CD containing 605 pages of previously processed documents and a copy 
of the Explanation of Exemptions. Please be advised, these are the only copies of these documents located 
in our possession. The original copies of these documents could not be located for reprocessing. 

Additional records potentially responsive to your subject exist. The Federal Bureau of Investigation 
(FBI) has located approximately 1,594 pages total of records potentially responsive to the subject of your 
request. By DOJ regulation, the FBI notifies requesters when anticipated fees exceed $25.00. 

If all potentially responsive pages are released on CD, you will owe $40.00 in duplication fees (3 CDs 
at $15.00 each, less $5.00 credit for the first CD). Releases are made on CD unless otherwise requested. 
Each CD contains approximately 500 reviewed pages per release. The 500 page estimate is based on our 
business practice of processing complex cases in segments. 

Should you request that the release be made in paper, you will owe $79.70 based on a duplication 
fee of five cents per page. See 28 CFR §16.10 and 16.49. 

If you agree to receive all responsive material on CD, you will receive a $5.00 credit towards your first 
interim CD. As a result, we must notify you there will be a $25.00 charge when the second interim release is 
made in this case. At that time you will be billed for the $10.00 remaining from the $15.00 fee of the first
release, as well as the $15.00 duplication fee for the second release, for a total of $25.00. 

Please remember this is only an estimate, and some of the information may be withheld in full 
pursuant to FOIA/Privacy Act Exemption(s). Also, some information may not be responsive to your subject.
Thus, the actual charges could be less. 


Requester Response 


No payment is required at this time. If your request does not qualify for eFOIA releases, you must
notify us in writing within thirty (30) days from the date of this letter of your format decision (paper or 
CD). You must also indicate your preference in the handling of your request in reference to the 
estimated duplication fees from the following four (4) options: 

I am willing to pay estimated duplication/international shipping fees up to the amount
specified in this letter. 

I am willing to pay fees of a different amount. 

Please specify amount: 

Provide me 100 pages or the cost equivalent ($5.00) free of charge. If applicable, I am
willing to pay International shipping fees. 

Cancel my request. 

If we do not receive your duplication format decision and/or estimated duplication fee selection within 
thirty (30) days of the date of this notification, your request will be closed. Include the FOIPA 
Request Number listed above in any communication regarding this matter. 


For your information, Congress excluded three discrete categories of law enforcement and national 
security records from the requirements of the FOIA. See 5 U.S.C. § 552(c) (2006 & Supp. IV (2010)). This
response is limited to those records that are subject to the requirements of the FOIA. This is a standard 
notification that is given to all our requesters and should not be taken as an indication that excluded records 
do, or do not, exist. 

You have the opportunity to reduce the scope of your request; this will accelerate the process and 
could potentially place your request in a quicker processing queue. This may also reduce search and 
duplication costs and allow for a more timely receipt of your information. The FBI uses a multi-queue 
processing system to fairly assign and process new requests. Simple request queue cases (50 pages or 
less) usually require the least time to process. 

Please advise in writing if you would like to discuss reducing the scope of your request and your 
willingness to pay the estimated search and duplication costs indicated above. Provide a telephone number, 
if one is available, where you can be reached between 8:00 a.m. and 5:00 p.m., Eastern Standard Time. Mail 
your response to: Work Process Unit; Record Information/Dissemination Section; Records 
Management Division; Federal Bureau of Investigation; 170 Marcel Drive; Winchester, VA 22602. You 
may also fax your response to: 540-868-4997, Attention: Work Process Unit. 

For questions regarding our determinations, visit the www.fbi.gov/foia website under “Contact Us.” 
The FOIPA Request number listed above has been assigned to your request. Please use this number in all 
correspondence concerning your request. Your patience is appreciated. 



the Internet could have been paralyzed, disrupting several of the critical infrastructures that rely 
on the Internet for communication.

2. In testimony last February 16, you said that the FBI was producing "fast-developing
leads" and that a break in the case was imminent. A couple of weeks later, Michael Vatis,
director of NIPC, suggested that in fact agents were making slow progress in the case.

How would you assess progress in the case now?

In fact, the testimonies of FBI Director Freeh and NIPC Director Vatis were entirely 
consistent. Both cited the difficulties in conducting cyber crime investigations, but both also 
expressed optimism about the prospects for a successful resolution of the case. Director Freeh’s 
February 16 testimony for the record contained the following remarks about the DDOS 
investigation: 

On February 8, 2000, the FBI received reports that Yahoo had experienced a
denial of service attack. In a display of the close cooperative relationship the
NIPC has developed with the private sector, in the days that followed, several
other companies also reported denial of service outages. These companies
cooperated with our National Infrastructure Protection and Computer Intrusion
squads in the FBI field offices and provided critical logs and other information.

Still, the challenges to apprehending the suspects are substantial. In many cases,
the attackers used “spoofed” IP addresses, meaning that the address that appeared
on the target’s log was not the true address of the system that sent the messages.

The resources required in these investigations can be substantial. Already we
have five FBI field offices with cases opened: Los Angeles, San Francisco,
Atlanta, Boston, and Seattle. Each of these offices has victim companies in its
jurisdiction. In addition, so far seven field offices are supporting the five offices
that have opened investigations. The NIPC is coordinating the nationwide
investigative effort, performing technical analysis of logs from victims sites and
Internet Service Providers, and providing all-source analytical assistance to field
offices. Agents from these offices are following up literally hundreds of leads.

While the crime may be high tech, investigating it involves a substantial amount
of traditional police work as well as technical work. For example, in addition to
following up leads, NIPC personnel need to review an overwhelming amount of
log information received from the victims. Much of this analysis needs to be done
manually. Analysts and agents conducting this analysis have been drawn off
other case work. In the coming years we expect our case load to substantially
increase. (Emphases added.)

NIPC Director Vatis’ February 29 testimony for the record contained the following 
statement about the DDOS investigation: 
On February 8, 2000, the NIPC received reports that Yahoo had
experienced a denial of service attack. In a display of the close cooperative
relationship that we have developed with the private sector, in the days that
followed, several other companies (including Cable News Network, eBay,
[illegible] and ZDNET), also reported denial of service outages to
the NIPC or FBI field offices. These companies cooperated with us by providing
critical logs and other information. Still, the challenges to apprehending the
suspects are substantial. In many cases, the attackers used “spoofed” IP addresses,
meaning that the address that appeared on the target’s log was not the true address
of the system that sent the messages. In addition, many victims do not keep
complete network logs.

The resources required in an investigation of this type are substantial.
Companies have been victimized or used as “hop sites” in numerous places across
the country, meaning that we must deploy special agents nationwide to work leads.
We currently have seven FBI field offices with cases opened and all the remaining
offices are supporting the offices that have opened cases. Agents from these
offices are following up literally hundreds of leads. The NIPC is coordinating the
nationwide investigative effort, performing technical analysis of logs from victims
sites and Internet Service Providers (ISPs), and providing all-source analytical
assistance to field offices. Moreover, parts of the evidentiary trail have led
overseas, requiring us to work with our foreign counterparts in several countries
through our Legal Attaches (LEGATs) in U.S. embassies.

While the crime may be high tech, investigating it involves a substantial
amount of traditional investigative work as well as highly technical work.
Interviews of network operators and confidential sources can provide very useful
information, which leads to still more interviews and leads to follow-up. And
victim sites and ISPs provide an enormous amount of log information that needs to
be processed and analyzed by human analysts.

Despite these challenges, I am optimistic that the hard work of our agents,
analysts and computer scientists; the excellent cooperation and collaboration we
have with private industry and universities; and the teamwork we are engaged in
with foreign partners will in the end prove successful. (Emphases added.)

[illegible] FBI [illegible] close cooperation with the Royal Canadian
Mounted Police, very quickly had resulted in the identification of one subject in Canada. Because
[illegible] by RCMP in the DDOS case and in another matter
that came to light during the RCMP's investigation, the subject could not be immediately arrested,
RCMP [illegible] not be discussed publicly. However, on April 15, [illegible]
executed a search warrant and arrested a juvenile, charging him with one of the attacks.
We would therefore assess the progress in this case as substantial and, indeed,
unprecedented in a case of this scope and nature. The investigation continues into the attacks on
DDOS victims, and we believe good progress continues to be made.

3. In testimony last February 16, you suggested that the FBI’s resources "are stretched
paper thin" because of the lack of high-caliber government forensic computer experts.

How much has this contributed to the government’s lack of success in catching the

As discussed above, substantial progress in fact has been made in the DDOS investigation,
with one subject already identified in Canada.

[illegible] explosive growth in computer crimes, our existing resources both in
the Computer Analysis Response Team and in the NIPC and the related field office National
Infrastructure Protection and Computer Intrusion Program are indeed stretched paper thin.

The Laboratory Division’s CART team supports the investigation of any sort of criminal
investigation in which evidence might be found on a computer (such as a drug trafficker’s
accounts) by conducting computer forensic examinations on seized media. The Lab’s technically
trained agents develop, deploy, and support equipment to perform Title III and FISA interceptions
of data communications on the Internet. Staff in both of these areas (forensics and engineering
support) is extremely stretched because these agents are tasked with providing support not only
for cyber crimes, but all traditional crimes in which digital evidence may be present or data
interception required.

The FBI's CART program, consisting of agents and analysts who examine digital media
in order to gather evidence, is not able to keep up with the increasing workload. The following is
a summary of current and future trends assuming that the FBI Laboratory is funded for all
pending budget requests:

CART Capacity and Backlog

Year   FTE Staffing   Capacity   Exam Requests   Case Backlog   Backlog Time (Months)
1999   95             1900       3500            1600           10.1
2000   104            2080       5000            2920           16.8
2001   154            3080       6000            2920           11.4
2002   213            4260       8500            4240           11.9

In addition, the FBI's Laboratory Division currently provides support not only for FBI
cases, but also for the Drug Enforcement Administration and the Immigration and Naturalization
Service.

The NIPC and the field office NIPCIP squads are responsible for conducting
investigations of cyber attacks, including computer intrusions, viruses, and denials of service.
The NIPC currently has 193 FBI Special Agents in the field offices investigating approximately
1,200 computer intrusion and other "NIPCIP" cases. Only 16 Field Offices have full squads of
seven or more agents. The other field offices have only 1 to 5 agents, who are responsible for not
only cyber investigations, but also for industry liaison, the InfraGard Initiative, the Key Asset
Initiative, and support to other investigative programs. Further, the NIPC lacks sufficient
computer scientists and analysts to support the field office investigations. For instance, it has
only 7 network analysts/electrical engineers to support investigations such as DDOS attacks.

The NIPC’s and Field Office resources have remained relatively static. The NIPC
Headquarters budget for fiscal years 99-01 has been as follows: 


Fiscal Year
1999              29,057,000 (included one-year funding of $10 million for special contingencies in Attorney General’s Counter-terrorism Fund)
2000              19,855,000
2001 requested    20,396,000


Meanwhile, our pending case load has grown rapidly. 


Fiscal Year
1998                  [illegible]
1999                  801
2000 (as of May 1)    1072


Clearly, then, resources have not kept pace with the crime problem. 


Evidence gathering for computer intrusions mandates a prompt response because the
digital evidence trail can disappear so quickly. The complexity of documenting, examining and
analyzing the tremendous amount of information that is necessarily collected in these types of
cases and its very technical nature requires investigators, examiners, and analysts with extremely
specific skills and experience. Because of the technical nature of this crime, it is difficult, if not
impossible, to temporarily assign additional Special Agents to an investigation since a special
technical skill set is required to investigate such matters.

Staff shortages impede not only our ability to conduct investigations adequately, but also 
to quickly obtain information, conduct analyses, and craft and issue appropriate warnings and 
alerts. This makes the Indications and Warning mission much more difficult to perform. 

4. Some have argued that the high-profile February attacks on Yahoo, eBay, and
other companies were just a diversion, allowing the hackers to focus on making smaller, 
intrusive attacks on smaller sites. 

Have you found any evidence for this contention? 

No. There are individuals and groups who do focus on planning and executing more 
intrusive attacks, often for the sake of stealing information or money, but we have not seen any 
correlation between such intrusions and the February DDOS attacks.

5. Why don’t you think industry can solve this problem itself?


The Internet was not designed with security as the foremost consideration. Moreover, 
until very recently, security was not a major priority of either hardware/software manufacturers or
consumers. As a result, networks are still rife with vulnerabilities. Improving security on the
Internet is thus first and foremost the responsibility of industry. Government must protect its own 
systems, and can assist industry by providing information about threats and vulnerabilities that we 
are aware of, and the NIPC does that. But it is industry's responsibility to secure privately owned 
systems. 


Even if systems were more secure, however, there would inevitably be some amount of 
computer crime committed on the Internet -- including not just intrusions, denials of service, and
viruses, but also traditional crimes perpetrated over the Internet such as fraud and dissemination
of child pornography. As long as crime exists, the public will expect law enforcement to
investigate and apprehend the perpetrators. And effective law enforcement is a key element in
any strategy to deter further criminal activity. Thus, industry and law enforcement must work 
closely together. 


6a. How big a problem is this for the FBI? Do you believe that there are important cyber
attacks that are never investigated by law enforcement because the attacked companies
refuse to report them?

The vulnerabilities that permeate the industry are a big problem for the FBI and other law 
enforcement agencies because they make it so easy for crimes to be committed. This accounts in 
1. Of the 800 cases referred for criminal investigation in FY 1999 from the NIPC, what
percentage of these cases were referred to other agencies, other than the FBI, for continued 
investigation and possible criminal prosecution? 

As a general matter, the NIPC does not "refer" cases. Cases are normally initiated by a
field office, whether a Field Office of the FBI, the Secret Service, another federal agency, or a
state or local law enforcement agency. NIPC is the "program manager" of the FBI’s computer
intrusion investigative program, and so receives information about cases directly from the FBI
Field Offices. Under PDD 63, other agencies are also supposed to report information about cyber
incidents to the NIPC. Sometimes, NIPC will receive the first report of a cyber incident from a
private company, a government agency, or another source, and contact the appropriate FBI Field
Office. If another agency has concurrent investigative jurisdiction or some other
non-investigative interest, that agency will also be contacted (either by the FBI Field Office or the
NIPC). Where joint jurisdiction exists, the FBI field office may work jointly with the relevant
other agencies (as discussed further below).


If an inquiry determines the complaint does not fall within the investigative guidelines of
the FBI, it may be referred by the field office to another federal agency or to a state or local law
enforcement agency which has the authority to conduct such investigations. FBI field offices
develop liaison contacts with federal, state and local agencies investigating similar violations
under federal or state statutes and complaints are disseminated through these liaison contacts.
There is no system established to track how many complaints have been sent from FBI field
offices to other law enforcement agencies.

There have been, however, several instances in which the NIPC or an FBI field office has
contacted another agency to determine if that agency wanted to conduct an investigation either
jointly or separately, but that agency declined. A couple of examples are listed below.

In May 2000, the FBI's Detroit Field Office referred a complaint to the local Secret
Service office regarding a denial of service attack against NHL.com, going so far as to transfer the
call from the FBI field office to the Secret Service field office. The Secret Service told the
complainant that no one was in the office to receive the complaint due to a visit of Texas
Governor George W. Bush to Michigan. The complainant then called the FBI again and the
Detroit Field Office took the complaint and assigned the matter for investigation.

Also in May 2000, based on FBI source information, the NIPC notified the USSS
headquarters that there may be a vulnerability with the White House Webpage that gave the
public access to all the files on that server. The USSS advised that the system administrator may
already be aware of this. Neither the NIPC nor the FBI’s Washington Field Office has heard back
from the USSS regarding this matter.
In another instance, the FBI’s Williamsport Resident Agency, part of the Philadelphia
Field Office, opened an investigation into a series of computer intrusions into 10 companies
resulting in the loss of approximately 28,000 credit card numbers. During the initial
investigation, the FBI discovered that one of the victims located in Buffalo, NY, had contacted the
Secret Service and the USSS had opened a case pertaining to the intrusion against the single
victim company, but was not investigating the larger set of thefts. The FBI contacted the Secret
Service Division in Buffalo, NY to coordinate the case, since USSS already had a pending
investigation. The FBI was told that due to the Security Detail Duties for the First Lady, the
USSS would be unable to coordinate at the present time with the FBI on the case.

In addition, the FBI has worked, and continues to work, many investigations jointly with 
other agencies. Two notable examples include Solar Sunrise and Moonlight Maze. Both cases 
involved extensive intrusions into Department of Defense and other government agency computer 
networks. The investigations involved an NIPC-coordinated investigation involving numerous
law enforcement, intelligence, and defense agencies, as well as foreign law enforcement agencies. 

Beyond those examples, the following are other instances of joint investigations. 

DDOS: Numerous Internet commerce sites have been victimized by DDOS attacks since
February 7, 2000. These DDOS attacks prevented the victims from offering their web services on
the Internet to legitimate users. A DDOS attack uses compromised computer networks to "flood"
a victim's computer network with massive amounts of data, which causes the victim's computer
network to become overwhelmed and to stop operating. The DDOS attack investigations are
investigations in seven FBI field offices, five overseas Legal Attache offices, other government
agencies such as NASA, as well as the Royal Canadian Mounted Police. Reflecting the
extraordinary level of cooperation on these investigations, on April 15, 2000, the Canadian
officials arrested a juvenile, charging him with one of the attacks.

Curador: On March 1, 2000, a computer hacker using the name "Curador" allegedly
compromised multiple E-commerce websites in the U.S., Canada, Thailand, Japan and the United
Kingdom, and apparently stole as many as 28,000 credit card numbers. Thousands of credit card
numbers and expiration dates were posted to various Internet websites. On March 9, 2000,
InternetNews reported that Curador stated, "Law enforcement couldn't hack their way out of a wet
paper bag. They're people who get paid to do nothing. They never actually catch anybody." After
an extensive international investigation, on March 23, 2000, the FBI assisted the Dyfed Powys
(UK) Police Service in a search at the residence of Curador; Curador, age 18, was arrested in the
UK, along with an apparent co-conspirator under the Computer Misuse Act 1990. Under United
Kingdom law, both males have been dealt with as adults. Loss estimates are still being
determined.

This case was predicated on the investigative work by the Dyfed Powys Police Service,
the Federal Bureau of Investigation, Internet security consultants, the Royal Canadian Mounted
Police, and the international banking and credit card industry. This case illustrates the benefits of
law enforcement and private industry, around the world, working together in partnership on
computer crime investigations.

Burns: In August 1998, the FBI initiated an investigation on an individual only known as
"zyklon," who conducted numerous computer intrusions to various computer systems causing
damages to websites and system files. The case was worked in cooperation with the Virginia
State Police. The investigation identified zyklon to be Eric Burns of Shoreline, Washington. In
February 1999, following an execution of a search warrant, Burns confessed to the intrusions. In
May 1999, Burns also gained unauthorized access and defaced the webpage for the White House
website. At that point the FBI began working with the U.S. Secret Service on the case. In
September 1999, Burns pleaded guilty to one count for violation of Title 18 USC Section 1030
(Computer Fraud and Abuse) for one of the 1998 intrusions. In the plea agreement, Burns also
admitted his criminal activity into several other intrusions including the White House website. In
November 1999, Burns was sentenced to 15 months in prison, 3 years supervised release and
$36,240 in restitution and a $100 fine.

Trifero: This investigation was worked jointly with the Middletown Rhode Island Police
Department, the state Office of the Inspector General (OIG), National Aeronautics and Space
Administration (NASA), and the FBI. Sean Trifero compromised various company and
University computer systems, including systems maintained by Harvard University, Amherst
College, Internet Services of Central Florida, Aliant Technologies, Arctic Slope Regional
Corporation and Barrows Cable Company. He would utilize these compromised systems to
establish web pages, E-Mail and Internet Relay Chat (IRC) Groups in the background of the
victim's computer system. Trifero would also provide others with access to these compromised
systems. On 10/6/1998, Trifero entered a guilty plea in the District of Rhode Island, in
connection with this matter. On 2/22/1999, Trifero was sentenced in connection with his guilty
plea to five counts of violating Title 18 United States Code, Section 1030. He was sentenced to
12 months plus 1 day in jail; $32,650.54 in restitution; $500 special assessment; three years
supervised release; five hours/wk community service for 36 months; use of the Internet, but no
contact with members of any hacking/cracking group.

Mewhiney: Throughout 1996, National Oceanic and Atmospheric Administration (NOAA)
suffered several computer intrusions which were also linked to intrusions occurring at the National
Aeronautics and Space Administration (NASA). These computer intrusions continued through
1997. The FBI worked the case jointly with NOAA, NASA and the Canadian authorities and
identified the subject, Jason G. Mewhiney, who resided in Canada. The original damage
assessment that Mewhiney had caused, exceeded $40,000. In April 1999, Jason G. Mewhiney
was indicted by Canadian authorities. In January 2000, Mewhiney pleaded guilty to 12 counts of
intrusions which included violations spanning from May 1996 through April 1997, of
destroyed/altered data and intrusions with the intent to damage. In the Canadian Superior Court
of Justice, Mewhiney was sentenced to 6 months in jail for each of the counts to run concurrently.
Bliss: In February 1998, the FBI opened an investigation to assist the U.S. Air Force and U.S.
Navy regarding multiple computer intrusions. The case was worked jointly with the U.S. Naval
Criminal Investigative Service and Florida State Attorney's Office in Jacksonville, FL. The
subject was identified as Jesse Le Bliss, a student of the University of North Florida. On August
21, 1998, Bliss pleaded guilty to one felony count for violation of Florida State Statute 815.06
entitled, Offenses Against Computer Users. On September 19, 1998, Bliss was sentenced in the
Fourth Judicial Circuit, State of Florida, to six months house arrest followed by three years
probation, 200 hours of community service, and a written letter of apology to the Commandant of
the United States Marine Corps.

CD Universe: One pending case being worked by the FBI’s New Haven Division and the U.S.
Secret Service has been widely reported in the press, due to statements made to reporters by the
alleged perpetrator. In December 1999, the FBI’s New Haven Division opened a case into
intrusions into the computers of CD Universe, an on-line music seller, and the theft of customers’
credit card numbers and a related extortion threat. Because of the credit card aspect, the FBI
called the USSS to ask if USSS wanted to investigate jointly. The USSS declined. In January
2000, the New York Times ran a front page story about the case, based on conversations between
the reporter and the alleged perpetrator. Subsequently, USSS called the FBI back and requested
to work the case jointly. That case is still pending.

Other 


There are other investigations that are being conducted with other agencies, however 
further details may adversely impact the investigation due to their pending status. There are 
currently 47 pending investigative cases which are being worked jointly between the FBI and the 
multiple entities of the Department of Defense. An additional 58 cases were investigated jointly 
with other entities that are now in closed status. 

2. If some of the referred cases are potential violations that are traditionally enforced and 
investigated by other agencies, please describe your mechanisms and procedures that allow 
for cyber investigations to be conducted by those particular law enforcement agencies (other 
than the FBI). 

The primary statute used by the FBI in computer intrusion investigations is Title 18, USC,
1030. Under this statute, the FBI has broad authority to investigate computer crime offenses. In
instances where the computer crime does not meet FBI jurisdiction, the local FBI field office will
refer the complainant to the appropriate law enforcement agency (federal, state, or local) which
has authority to conduct the investigation. On other occasions, the FBI may continue to work a
matter jointly with another law enforcement agency, even if they do not have primary jurisdiction,
to provide needed resources and technical expertise. FBI field offices develop liaison contacts
with state and local agencies investigating similar violations under state statutes and complaints
are disseminated through these liaison contacts. The above cited credit card case is an example of
how the FBI field offices make direct contact with their counterpart field offices, such as US
Secret Service, to coordinate aspects of an investigation.

5/24/02 Release - Page

3. Please specifically cite the number of NIPC referred cases that have a direct impact or
posed a threat on the nation's critical infrastructures.

The nation’s “critical infrastructures” are those physical and cyber-based systems essential
to the minimum operations of the economy and government, including telecommunications,
energy, banking and finance, transportation, water systems and emergency services, both
governmental and private. One of the most difficult aspects of cyber investigations is that it is not
clear at the outset what the extent of the threat, or the potential damage to networks, is. Each case
must be thoroughly investigated to determine the level of threat and compromise. What seems
like a relatively minor incident might turn out to be very significant, and vice versa. This means
that it is much more difficult for field investigators to use traditional investigative thresholds in
determining how to utilize scarce resources. Moreover, computer systems and networks employ
trusted relationships between other computer system and networks, based upon the users'
privileges. If a computer system or network is root-level (or super user) access compromised, the
threat potential is substantial, and could theoretically pose a major threat to other trusted systems.
This means that “critical infrastructure” systems are often connected with, and affected by,
systems that are in and of themselves not critical.

The existing NIPC database does not classify cases by critical infrastructure at this time. 
Thus, there is no methodology to determine which cases ultimately involve a threat to our nation's 
critical infrastructure. 


The Distributed Denial of Service (DDOS) attacks launched in February of this year are a
good example of the difficulty of categorizing an attack as an “infrastructure” attack or some
lesser sort of attack. In a Distributed Denial of Services attack, not only are the "victim" systems
affected, but also the thousands of computer systems and networks that were, unknowingly,
infiltrated and used to carry out the attack, and Internet Service Providers that were heavily
trafficked during the attack. All of the computer systems and networks that participated in the
attack were compromised. Moreover, even though the effect of the attacks was relatively
ephemeral and brief, the knowledge gained by analyses of these attacks is critical to our ability to
protect against more devastating attacks in the future. If the DDOS attacks had been directed
against the major Internet hubs rather than against primarily e-commerce companies, traffic on the
Internet could have been paralyzed, disrupting several of the critical infrastructures that rely on
the Internet for communication.

4. Please describe the job description and agency of any state and local law enforcement
officials currently assigned to NIPC on a full time basis at FBI Headquarters.

The FBI currently has one local law enforcement officer assigned to the NIPC. He is from
the Tuscaloosa County Sheriff's Department and his principal job is to work on outreach initiatives
to state and local law enforcement as part of the FBI's responsibility as the “Lead Agency” to
work with the “Emergency Law Enforcement Services Sector” under PDD-63. He has also
participated in the delivery of training to field investigators under our Key Asset Initiative. This
representative replaced an earlier representative from the Oregon State Police, who rotated back to
his home agency. The NIPC is also in discussions with several Washington, D.C. area police
departments about having officers detailed to the NIPC on a full- or part-time basis.

5. Please describe any private sector representatives, past or present, who voluntarily 
participate in the Center to facilitate sharing of information between NIPC and the private 
infrastructure owners and operators. 

The NIPC works on a daily basis with private sector representatives to share information.
This occurs through such initiatives as InfraGard, which provides information to infrastructure
owners and operators on a daily basis, and the pilot project for Indications and Warning that the
NIPC has established with the electrical power sector under the auspices of NERC, and the Key
Asset Initiative. It also occurs on a case by case basis as we disseminate targeted or general alerts
or warnings to industry. The NIPC also works closely with private sector contractors who assist
with technical analysis and information sharing.

In addition, the NIPC is working with the Information Technology Association of
America to bring private sector representatives into the Center for a period of time as “detailees.”
That is part of a cybercrime initiative sponsored by the ITAA and the Attorney General.

6. Please describe any private sector representatives that are hired and paid by NIPC funds. 

The NIPC has hired contractors to support our work in analyzing cyber intrusions into the
infrastructures as well as to provide technical support to our investigations. In addition, a
representative from Sandia National Laboratories has been working at the Center. The NIPC has
been reimbursing the Department of Energy under the Interagency Personnel Act for the cost of
this detailee’s contract.

7. On page 16 of your written testimony, you state: "the FBI, on behalf of the law
enforcement community should enhance its technical capabilities (encrypted evidence)."
Shouldn't all law enforcement agencies, from federal to state require this capability to
accomplish the NIPC mission?

As noted on page 16 of the written testimony, the law enforcement community is
extremely concerned about the serious public safety threat posed by the proliferation and use of
strong, commercially-available encryption products that do not allow for law enforcement access
to the plaintext of encrypted, criminally-related evidence obtained through court-authorized
electronic surveillance and/or search and seizure. The potential use of such non-recoverable
encryption products by a vast array of criminals and terrorists to conceal their criminally-related
communications and/or electronically stored information poses an extremely serious threat to
public safety and national security.

In order to address this serious threat and as noted in the written testimony, it is imperative
that law enforcement enhance its technical capabilities in the area of plaintext access to encrypted
evidence. As part of the government’s approach to the encryption issue, the Administration has
expressed support for and has proposed the creation of a law enforcement Technical Support
Center within the FBI for the purpose of providing the entire law enforcement community with
urgently needed plaintext access technical capabilities necessary to fulfill its investigative
responsibilities in light of the proliferation of strong, commercially-available encryption products
within the U.S. In fact, included in the Administration's Cyberspace Electronic Security Act of
1999, which was forwarded to the Congress last September, is a provision that authorizes to be
appropriated $80 million to the FBI for the creation of the Technical Support Center, which will
serve as a centralized technical resource for federal, state and local law enforcement in responding
to the ever increasing use of encryption by subjects of criminal cases.

The TSC is envisioned as an expansion of the FBI’s Engineering Research Facility (ERF)
to take advantage of ERF's existing institutional and technical expertise in this area. This
approach represents a cost effective, non-duplicative and efficient means of providing every U.S.
law enforcement agency with access to technical capabilities needed to address lawfully seized
encrypted evidence and is supported by the International Association of Chiefs of Police, the
National Sheriffs' Association and the National District Attorney Association as well as the
information technology industry.


8. Please describe which agencies were in the past participating in the NIPC, but are no 
longer members. Describe the reasons given by those agencies to the FBI for their 
withdrawal from participation. 


One of the difficulties in attempting to operate an interagency Center is ensuring that all
relevant agencies participate. Agencies have not received direct funding to participate in the
Center, and so must take detailees to the NIPC out of existing personnel resources. In addition,
personnel with cyber expertise are unfortunately in very short supply, meaning that agencies must
commit to take scarce resources and send them outside their agencies. Despite these
impediments, numerous agencies have sent detailees to the NIPC, including: Defense/Office of
the Secretary of Defense; Central Intelligence Agency; National Security Agency; Air Force
Office of Special Investigations; U.S. Navy; U.S. Army; U.S. Postal Service; Defense Criminal
Investigative Service; General Services Administration; U.S. Air Intelligence Agency;
Department of Commerce; and the Tuscaloosa, AL Sheriff's Office. In addition, we have foreign
liaison representatives from two allied countries who assist in coordinating international activities
with our counterparts. A representative from FAA is also scheduled to start at the end of June.
Additional representatives from DoD, CIA, and NSA are also slated to arrive in the near future.
We are also expecting representatives from local Washington area police departments on a
part-time basis.

Some agencies were represented earlier but do not currently have representatives.
Circumstances necessitated the recall of the first State Department representative. State agreed to
do so, and has committed to NIPC that it would replace him with two new representatives. DoE’s
first representative rotated back after more than two years. NIPC’s understanding as to why this
representative rotated back is that he was at NIPC for a lengthy time and was needed at DoE
headquarters to assist in a DOE reorganization. DoE has committed to replacing that detailee.

Secret Service earlier had two detailees to the NIPC, but recalled those detailees and has
not yet committed to replacing them. Secret Service has not provided any written explanation for
this, but in oral discussions, Secret Service officials stated that USSS was not getting additional
funding for its electronic crimes program despite its participation in NIPC; the FBI was receiving
more media attention in the cyber crime area; and NIPC had not “referred” cases to Secret Service
for investigation. NIPC offered any support it could give to Secret Service in addressing budget
requests; noted that NIPC public statements often referred to partnership with USSS; and offered
to do more to support USSS initiatives with public statements and case analyses. NIPC also
stated (as discussed further below) that its role is not to create and “refer” cases; rather, cases
generally originate in Field Offices, and FBI and Secret Service field offices frequently work
computer crime cases together.

NIPC fully recognizes the value other agencies bring to the cyber crime and infrastructure
protection mission. That is why NIPC is an interagency Center, and has senior managers from
other agencies in addition to investigators and analysts. For instance, the NIPC Deputy Director
is from DoD/OSD; the Section Chief of the Analysis and Warning Section is from CIA; the
Assistant Section Chief of the Computer Investigations and Operations Section is from Air Force
OSI; the Unit Chief of the Analysis and Information Sharing Unit is from NSA; and the Unit
Chief of the Watch and Warning Unit is from the U.S. Navy. Secret Service formally occupied
the position of Assistant Section Chief of the Training, Outreach, and Strategy Section.

Recognition of the need for other agency participation is also what drives NIPC to continually
seek additional representatives from other agencies. It is also reflected in the numerous joint
investigations that NIPC and FBI Field Offices have been involved in with other agencies (as
discussed further below).


Senator Leahy:

1. Can an attempt to commit a violation of 18 U.S.C. § 1030 (a)(5) currently be prosecuted
under the attempt provision found in 18 U.S.C. § 1030(b), even if the attempt does not
result in loss of at least $5,000 or cause one of the other results listed in § 1030 (e)(8)?

The question calls for an answer interpreting prosecution authority under statute, and as
such, is more appropriately propounded to the Department of Justice. As a general rule, however,
the FBI understands that, under certain factual circumstances, 18 U.S.C. § 1030(b) does allow for
the prosecution of violations of 18 U.S.C. § 1030(a)(5) even if the attempt does not result in a loss
of at least $5,000 where evidence demonstrates the offender’s specific intent was to cause a loss
in excess of $5,000.

2. If an attempt cannot be so prosecuted, would amending the statute so that the
aggravating factors included in the definition of "damage" in 18 U.S.C. §§ 1030(e)(8)(A)-(D)
are instead moved to be elements of the offense under § 1030 (a)(5) change that result?

The question calls for a hypothetical interpretation of a statutory amendment as
applied through the substantive case law of "attempt," and should be directed to the Department of
Justice for a more detailed and definitive response. As a general matter, however, the FBI does
not understand that elevating the definitional elements of the term "damage" to become
substantive elements of section 1030 offenses will, in all circumstances, resolve the attempted
[illegible] issues generated by the facts of most investigations. Instead, the FBI favors an approach
which would combine a restructuring of the elements of the definition of "damage" into the
penalty provisions of section 1030(c) with the creation of a lesser offense for those circumstances
where damages of $5,000 or more cannot be substantiated. The FBI believes that some
unauthorized access intrusions into computers affecting interstate commerce (i.e., protected
computers) are so inherently violative as to justify Federal criminal sanctions even where there is
no change affecting the integrity or availability of data or where the actual damages suffered do
not attain the $5,000 threshold. The intentional unauthorized computer intrusion into the
privileged and private medical records of citizens is but one such example. Such a statutory
approach as has been suggested by DOJ's Computer Crime and Intellectual Property Section
(CCIPS) would create a lesser included misdemeanor offense where the $5,000 threshold is not,
in fact, demonstrated and would provide jurors in cases involving damages close to the threshold
a legitimate alternative for otherwise violative behavior.

3. If a definition of "loss" were added to § 1030(e) to define loss as "the reasonable cost to
any victim of responding to the offense, conducting a damage assessment, restoring data,
programs, systems or information to their condition prior to the offense and any revenue
lost or costs incurred by the victim as a result of interruption of service," would the $5,000
threshold be easier to meet than under current law?

The FBI favors any amendments which allow for the increased inclusion of any costs,
losses or other expenditures that a victim would not have reasonably incurred but for the violation
regardless of whether those losses resulted from an actual interruption of service. The FBI favors
such a definition which would also include, if reasonable, the cost of system reconfiguration
related to deterring or eliminating similar future violations.

4. With respect to violations of § 1030(a)(5)(A), is it your understanding that each separate
"transmission" could form the basis of a separate count? Similarly, with respect to
violations of §§ 1030(a)(5)(B)-(C), is it your understanding that each separate "intentional
access" could form the basis of a separate count?

The question calls for an interpretation of a statute applying the substantive case law of
what constitutes "criminal episode," and related concepts of what constitutes appropriate
"joinder," or "severance" under the Federal Rules of Criminal Procedure and should more
appropriately be directed to the Department of Justice for a detailed and definitive response. As a
general matter, however, the FBI understands that whether a single computer transmission of
malicious code under section 1030(a)(5) may form the basis for a single count under an
indictment will, in large measure, turn upon the unique facts of any given investigation. Whether
a single transmission of a self-replicating, self-transmitting destructive computer virus constitutes
one transmission, and therefore one count, or thousands of transmissions intentionally effectuated
by chain reaction, and therefore thousands of counts, may turn upon an evaluation of numerous
factors not the least of which would include the object and intent of the offender/transmitter, the
design of the code, the reasonable foreseeability of re-transmission and, as a practical matter, the
ability to track, gauge and prove the re-transmission. Similarly, whether, in a computer network
the repeated unauthorized accessing of a computer in violation of section
1030(a)(5)(B)-(C), which accessing is temporally related, will, as a practical matter, frequently
turn upon the configuration of the network and its security and banner system, to name but a few
factors.

5. Are you aware of any cases in which the current statutory maximum terms of
imprisonment under 18 U.S.C. § 1030 were insufficient to effect the sentence called for by
the Sentencing Guidelines, including using the provisions of U.S.S.G. § 5G1.2, which
provide that sentences on multiple counts may be imposed consecutively to the extent
necessary to produce a combined sentence equal to the total punishment called for by the
guidelines?

The NIPC referred this question to the Department of Justice Computer Crimes and
Intellectual Property Section for input. The Department reported that it could recall no cases in
which the current statutory maximum terms of imprisonment under 18 U.S.C. § 1030 were
insufficient to effect the sentence called for by the Sentencing Guidelines, including using the
provisions of U.S.S.G. § 5G1.2.

6. Please explain the reason, if any, to continue the codification of the work-sharing
[illegible] between the Secret Service and the Federal Bureau of Investigation found in §
[illegible] specifically [illegible] the Secret Service’s authority to investigate crimes
[illegible] to those offenses under subsections (a)(2)(A) and (B), (a)(3), (a)(4), (a)(5)
and (a)(6). The Senate Report accompanying the 1996 amendment explained that:

[t]he new crimes proposed in the bill, however, do not fall under the Secret
Service's traditional jurisdiction. Specifically, proposed subsection 1030(a)(2)(C)
addresses gaps in 18 U.S.C. 2314 (interstate transportation of stolen property), and
proposed section 1030(a)(7) addresses gaps in 18 U.S.C. 1951 (the Hobbs Act) and
875 (interstate threats). These statutes are within the jurisdiction of the Federal
Bureau of Investigation, which should retain exclusive jurisdiction over these types
of offenses, even when they are committed by computer.

S. Rep. No. 357, 104th Cong., 2d Sess. 13 (1996).

Inherent in the 1996 changes was the recognition that the statute was being amended to
reflect the respective investigative jurisdictional limits existing at that time. It was clear at that
time that the jurisdiction of the Secret Service, found at 18 U.S.C. § 3056, did not encompass the
types of offenses described in Section 1030 (a)(1), (a)(2)(C), or (a)(7).¹ Given that there have
been no additional grants of general investigative jurisdiction to the USSS since that amendment,
it is not clear why the USSS’s jurisdiction over computer crimes under Section 1030 should be
expanded. The theft of National Security information which is the type of information Section
1030(a)(1) was intended to address has never been the subject of USSS jurisdiction. In addition,
the types of crimes contemplated by 1030(a)(2)(C) and (a)(7), as recognized by the legislative
history, have traditionally been investigations solely in the province and expertise of the FBI.

The 1996 provision is an explicit effort by Congress to address the criminal offenses at
issue through a division of labor primarily determined by investigative responsibility and
expertise. Any reversion to the pre-1996 jurisdictional provisions raises serious issues and
concerns about the utilization of resources and proper coordination. Concurrent jurisdiction
would result in a duplication of efforts that would waste resources and encourage independent
investigations by separate agencies at the expense of coordinated joint efforts. Indeed, given the
decision by Secret Service to refrain from participation in the National Infrastructure Protection
Center (NIPC) (both by detailing personnel and providing investigative information from its
cases) despite a mandate from the President to do so under PDD-63, expanding USSS’s cyber
jurisdiction at this time would result in a fractured approach to sensitive intrusion investigations
involving espionage, extortion, and other serious matters.

¹ Under the direction of the Secretary of the Treasury, the Secret Service is authorized to detect and
arrest any person who violates--

(1) [illegible] 871, or 879 of this title or, with respect to the Federal Deposit Insurance Corporation,
[illegible] associations, section 213, 216, 433, 493, 657, 709, 1006, 1007, 1011, 1013, 1014, [illegible]

(2) any of the laws of the United States relating to coins, obligations, and securities of the United
States and of foreign [illegible]

(3) any of the laws of the United States relating to electronic fund transfer frauds, credit and debit
card frauds, and [illegible] the authority conferred by this paragraph shall be exercised [illegible]
any other Federal law enforcement agency with respect to those laws.

7. The FBI has limited authority to issue administrative subpoenas in certain cases, such as
federal health care fraud or sexual exploitation or other abuse of children. Since
cybercrime cases are criminal in nature, is the FBI able to obtain documents relevant to the
investigation with grand jury subpoena? To the extent that documents obtained with a
grand jury subpoena need to be shared with third-party experts, can permission be
obtained to do so under Federal Rule of Criminal Procedure 6(e)(3)?

Generally speaking, a "governmental entity" is authorized under 18 U.S.C. 2703 (b) (1)
(B) to obtain the contents of an electronic communication in remote computer storage with prior
notice, as delimited in 18 U.S.C. 2703(b) (2), by using an administrative or grand jury subpoena.
A governmental entity is also authorized under 18 U.S.C. 2703(c)(1)(C) to obtain certain
subscriber or customer information from a provider of electronic communication services or
remote computing service, by using an administrative, grand jury, or trial subpoena, or as
otherwise permitted under 18 U.S.C. 2703 (c)(1)(B). The Electronic Communications Privacy
Act (ECPA) does not itself identify which federal agencies qualify as "government entities"
authorized to issue administrative subpoenas. Currently, the FBI is authorized to issue
administrative subpoenas in cases involving health care fraud under 18 U.S.C. §3486 and in cases
involving child pornography and sexual solicitation under 18 U.S.C. §3486A. Unfortunately,
there does not currently exist a statute authorizing or designating the FBI as a "governmental
entity" authorized to issue administrative subpoenas for violations of 18 U.S.C. § 1030 or other
crimes of fraud increasingly committed by or facilitated through the use of a computer. The
absence of such a statute impedes FBI efforts to accelerate an effective response to cyber crime.

While helpful, the use of grand jury subpoena to acquire minimally intrusive transactional
information (e.g., so-called "header information" such as "to" or "from") or subscriber information
(e.g., the name and address of the owner of an Internet screen name) is frequently a cumbersome
and time consuming process especially in investigations where time is of the essence or where the
information sought is from an unusually large number of providers. Some circumstances may
dictate seeking express court authorization under the provisions of Federal Rule of Criminal
Procedure 6(e)(3)(C) for disclosure to non-government experts who may not qualify as personnel
assisting the attorney for the government in the investigation before the grand jury. In many
cases, the practical concerns of delay and coordination with other agencies and courts further
stymie government’s ability to provide a timely response to imminent criminal behavior.

The FBI supports an expansion of its statutory authority to issue administrative subpoena
under the Electronic Communications Privacy Act for any violation of law within the FBI’s
existing criminal investigative jurisdiction. The FBI’s experience to date in the issuance of
administrative subpoena in the areas of health care fraud and child exploitation crimes
demonstrates that it can responsibly limit and control the exercise of this authority.

8. Denial of service attacks are increasing exponentially. According to the FBI, these attacks
involve the placement of tools such [as] Trinoo, Tribal Flood Net, TFN2K or Stacheldraht
on unwitting victim systems, which then send messages upon remote command to a targeted
computer system until that system is overwhelmed and essentially shut[s] down. In order to
document in real-time the remote command being given and the triggering of the message
flood to the target system, is law enforcement currently required to obtain a wiretap order
since the unwitting victim system is not a "party to the communication" authorized to grant
consent to electronic surveillance? Would an exception to the wiretap law to allow the
unwitting victim system operator to grant consent to electronic surveillance be helpful to
law enforcement?

The question calls for an interpretation of a statute which would more
appropriately be directed to the Department of Justice for a more detailed and definitive response.
As a general matter, however, the FBI understands that: 1) the provisions of 18 U.S.C.
§ 2511(1)(a) prohibit all interceptions unless expressly authorized elsewhere in the Act; 2) the
provisions of 18 U.S.C. § 2511(2)(a)(i) authorize a provider of wire or electronic communication
services to intercept communications on their system, not because they are parties to those
communications, but as "is a necessary incident to the rendition of [that] service or to the
protection of the rights or property of the provider...;" 3) many providers (especially start-up
Internet services) may not have the necessary tools or expertise to adequately track, document or
halt an intruder in their system and, perhaps more significantly, no providers have
compulsory process to facilitate disclosure of transaction and subscriber information from other
providers which is necessary to identify the source of an attack; 4) 18 U.S.C. § 2511(2)(a)(i) does
not permit law enforcement to conduct an interception (without a court order) even upon a
provider's express request when the provider’s system has been invaded or trespassed upon by a
hacker; and 5) as a result of this quandary, and in order to ensure that evidence obtained will
subsequently be held admissible, law enforcement is required to obtain a court order in order to
enable it to actively work in conjunction with the provider.

Given the high level DOJ approval that is required for Title III interception applications, the
necessary generation of paperwork, and the time needed by the reviewing court, significant delay can
occur before law enforcement can provide an effective response to a hacker or DDOS event. This
anomaly in the law creates an untenable situation whereby providers are sometimes forced to sit idly
by as they witness hackers enter and, in some situations, destroy or damage their systems and
networks while law enforcement begins the detailed process of seeking court authorization to assist
them. In the real world, the situation is akin to a homeowner being forced to helplessly watch a
burglar or vandal while police seek a search warrant to enter the dwelling. For these reasons, the FBI
favors enactment of a statutory exception under 18 U.S.C. § 2511 which would expressly authorize
law enforcement to assist such providers by intercepting the communications of a computer
user/trespasser (the transmissions to and from the user/trespasser) BUT ONLY upon the voluntary,
written consent of a service provider after that provider has made an initial determination that the
user/trespasser is not authorized to be on the system or network. Such an exception to the
general interception prohibition would accelerate exponentially law enforcement’s ability to respond
to such hacker incidents and would be a significant step toward ensuring the security and integrity of
the Nation’s critical infrastructure.


/. Is law enforcement currently required to obtain a wiretap in order to document in real- 
time the remote commands being given to a target system? 
potential exception to this would be certain pen register-based approaches employed by service
providers in switch-based solutions, where post-cut-through dialing (including post-cut-through
signaling) may not be provided to law enforcement. This circumstance is currently a subject of
review by the FCC under rule making implementing CALEA, and regarding which we anticipate a
resolution in the near future.) The distinction between a pen register device on a telephony service
and a clone pager (or pager interception) is that a pen register is employed to capture dialed numbers
which are used to set up a call. Hence, in the overwhelming majority of instances where pen registers
are used the information captured is simply signaling information used to set up a call. By
comparison, pager interceptions are employed to capture the information received by a pager which,
in all instances, constitute the content or message of the call. Consequently, the law has historically
distinguished the legal processes required for these two types of acquisitions (i.e., pen register
authority vs Title III authority, respectively).

Pen register efforts in the data network area work somewhat differently. The most basic
reason for this is because the services (e.g., email, web-based mail, voice over IP) and applications
(e.g., Internet Chat, File Transfer) transmitted over data networks are somewhat different. Some of
these services and applications lend themselves to precise ways of capturing (i.e., recording) call
identifying and signaling information only while others make the process of differentiating signaling
information from call content more difficult.

9(B) Section 3121(c) of title 18, United States Code, requires government agencies 
authorized to use pen registers to "use technology reasonably available...that restricts the 
recording or decoding of electronic or other impulses to fee dialing and signaling information 
utilized in call processing.” Please describe the technolog}' and methodology currentlv 

employed to comply wife this statutory requirement 

Pen Register devices on telephony services continue to operate as they have for decades 
Stated differently, since the enactment of CALEA there has been no change in technology or pen 
register equipment for telephony that would better restrict the recording or decoding of electronic or 
other impulses to the dialing and signaling information utilized in call processing. 

As stated above, pen register efforts in the data network area work somewhat differently, and
there, where technology that restricts the recording or decoding of electronic or other impulses to the
dialing and signaling information is reasonably available, it is employed. For example, the FBI
employs pen register devices to capture Internet Protocol (IP) addresses. Since data networks
typically use well-established layered protocols, FBI tools are capable of restricting the information
captured to the IP address.
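
The layered-protocol point in the answer above, as an added example that is not part of the original document and does not represent any FBI tool: because the IPv4 header states its own length, a collector can copy the two address fields and never read past the header. The frames, addresses, payload strings and function names below are constructed for illustration.

```python
"""Header-only capture: record IPv4 source/destination, never the payload."""
import ipaddress
import struct
from typing import List, NamedTuple, Optional, Tuple

ETH_HEADER_LEN = 14        # dst MAC (6) + src MAC (6) + EtherType (2)
ETHERTYPE_IPV4 = 0x0800
IPV4_MIN_HEADER_LEN = 20   # fixed part of the IPv4 header


class AddressRecord(NamedTuple):
    src: str
    dst: str


def build_frame(src: str, dst: str, payload: bytes, options: bytes = b"") -> bytes:
    """Build a constructed Ethernet II + IPv4 frame (checksum left at zero)."""
    if len(options) % 4:
        raise ValueError("IPv4 options must be padded to a multiple of 4 bytes")
    ihl = (IPV4_MIN_HEADER_LEN + len(options)) // 4   # header length in 32-bit words
    total_len = ihl * 4 + len(payload)
    ip_header = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | ihl, 0, total_len, 0, 0, 64, 6, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    ) + options
    eth_header = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth_header + ip_header + payload


def extract_addresses(frame: bytes) -> Optional[AddressRecord]:
    """Return only the IPv4 addresses, or None if the frame cannot be trusted."""
    if len(frame) < ETH_HEADER_LEN + IPV4_MIN_HEADER_LEN:
        return None                                   # truncated capture
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        return None                                   # not IPv4 (e.g. ARP)
    version_ihl = frame[ETH_HEADER_LEN]
    version, header_len = version_ihl >> 4, (version_ihl & 0x0F) * 4
    if version != 4 or header_len < IPV4_MIN_HEADER_LEN:
        return None                                   # malformed header
    if len(frame) < ETH_HEADER_LEN + header_len:
        return None                                   # header claims more than was captured
    # Copy the fixed 20-byte header only; options and payload are never read.
    header = frame[ETH_HEADER_LEN:ETH_HEADER_LEN + IPV4_MIN_HEADER_LEN]
    src, dst = struct.unpack_from("!4s4s", header, 12)
    return AddressRecord(str(ipaddress.IPv4Address(src)),
                         str(ipaddress.IPv4Address(dst)))


def minimize(frames: List[bytes]) -> Tuple[List[AddressRecord], int]:
    """Reduce a capture to address records; count frames that were skipped."""
    records, skipped = [], 0
    for frame in frames:
        record = extract_addresses(frame)
        if record is None:
            skipped += 1
        else:
            records.append(record)
    return records, skipped


# Constructed sample capture (documentation address ranges, made-up payloads).
_MAIL = build_frame("192.0.2.10", "198.51.100.25",
                    b"MAIL FROM:<a@example.org>\r\nSubject: constructed\r\n")
SAMPLE_FRAMES = [
    _MAIL,
    build_frame("192.0.2.10", "203.0.113.7", b"GET /inbox HTTP/1.0\r\n",
                options=b"\x01\x01\x01\x01"),          # header with IP options
    bytes(12) + struct.pack("!H", 0x0806) + bytes(28),  # ARP frame, not IPv4
    _MAIL[:30],                                         # truncated frame
]

if __name__ == "__main__":
    recs, dropped = minimize(SAMPLE_FRAMES)
    for rec in recs:
        print(rec.src, "->", rec.dst)
    print("skipped:", dropped)
```
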


10. Section 3121(a) of title 18, United States Code, requires a court to authorize the use of a
pen register if the court finds that the government attorney has certified that the information
likely to be obtained by "such use is relevant to an ongoing criminal investigation.” The
certification by the government attorney is, in turn, made under oath and penalty of perjury
under section 3122.


“'I 0 ™"’ rc 9“ ired <» Scribe (o (he coiirt in (he application for a pen 
criminal inv^iioK'' ? m0nCy ' S c ' rtitotl »" «“>< "»■* “ (e'evanr (o an ongoing 

(B) As a matter of regular practice, do government attorneys or State law enforcement or
°*!Sr rS appKcad0fl5 for P en describe for the court the factual 

doel this prlc&e v^y? 1 * ' "** * ***”“* *° 3S ° n§oing criro!nal investigation’* or 

(C) What procedures, including audits or internal reviews, are in place to ensure that
government attorneys and State law enforcement or investigative officers comply with the

?„ “teSfT t ^ !f' C <b ' fert “ a ' basis tot »dWng the application, particulariv 

mart « r f*. r ^r P™' 1 "* aM ' 3 ' lns f °r pen register orders is not to describe for the 
court the factual basis for certification? 

(D) Should the court, rather than governmental attorneys or State law enforcement or
investigative officers, have the authority to make the factual finding that "information likely
to be obtained by such installation and use [of a pen register] is relevant to an ongoing criminal
investigation," and if not, please explain why?

Several of the questions call for or implicate an interpretation of statute which would more
appropriately be directed to the Department of Justice for a more detailed and definitive response. As
a general matter, however, the FBI understands the Supreme Court has expressly ruled that "the

0 2 pen Iesisler not a "sesrch" within the meaning of the Fourth Amendment and 

therefore its use does not violate the Constitution." Smith v. Maryland, 442 U.S. 735, 745-46, 99

contcnf/ f * 2 8 h° 979) ' ?? * ^ ° f i “ stake in the Snf 

information garnered through the use of pen registers, the Courts have held that the limited
judicial review role created by 18 U.S.C. §3121 et seq. is Constitutional and is intended to
safeguard against the purely random use of pen register devices by ensuring compliance with the
statutory requirements established by Congress. See United States v. Hallmark, 911 F.2d 399, 401-
402 (10th Cir. 1990).

~ a st f certi f Ications t by government attorneys are drafted and filed by attorney's of the 

Department of Justice and not, at the Federal level, by Special Agents of the FBI. Questions
regarding the substance of such certifications would more appropriately be directed to the Department of
Justice for a definitive response. As a general matter, however, it is the FBI’s experience that
the degree to which a pen register application to the Court discloses the underlying factual basis for
the attorney's certification turns, in large measure, upon the nature of the statutory offense which is
the focus of the investigation. Whereas section 3123(b)(1)(D) requires that all pen register orders

f 0 ofreoss to which the information likely to be obtained by the pen register 

or trap and trace device relates," it follows that the application required by section 3122(b)(2) contain
f 0 ®^ 5 and it is the FBI’s experience that this is
commonly the case. Depending upon the nature of the offense described in the certification, the
underljang basts for the certification can, and in most instances will be readily a3“Xfl„ 

« 51? 5 ^ “f U ’ e obvio ’ K ia that the ofj-JL are £ 

S a 50 S ‘ mi,ariy in nro0,iK md to commit narcoUc^So^ the 

reliable and common sense inference is dearly that telecommunications are hd™ ♦ / U ? ’ th 

of conttolled subshmces in violation of Tide 21 of L 5 

and Abuse Act (18 U.S.C. §§®030« °f Computer Fraud 

underlying basis for the request, ^ ^ ° r m,a ® nal “ to m^astand the 

. . r ' *5 *5° “f mtods . ““*<!“ sole basis for obtaining a pen register order is to father a 
comma] investigation by generating reliable admissible evidence. An attorney who fabdv m 

T" P° 18 U ' SC §3122(b ®> d « S! > “ hM*r 

peril, subject to sanction, disbarment and prosecution. Furthermore, an attorney who so falsely
certifies such an application has no way of knowing the subsequent course and outcome of the
investigation. Frequently, information received from a pen register is consolidated with other

JS SUbmlfted ^ Subs ^ »** detailed apphcatSj tothe Court such 
as search warrant applications or wiretap applications. In the unlikely event that an attorney for the
government were to submit a false certification to the court in c„ m i n e ? K ° ey for the 

the lack of any nexus between the named subjects of the investor ti 8 f en re S lster application, 

- n J th ,. , Hnra ' _ w - r *. ! ««nwi BUDjects 01 the investigation, the ‘'statement of the offense " 

he attorney s certification that the information likely to be obtained from the devise’s use is * 

reel ant to an ongoing criminal investigation would, in many instances reveal itself either m 

sr£STh ! :;f fors r h wras 

prosecution. ine dearth of such empirical or anecdotal evident** J 

certification of applicaions by attorneys for 

obligation is conscientiously fulfilled. certification 

caused fcmlrtn^r ^information theft and financial fraud perpetrated online have 
caused the most severe financial losses, "put at $68 million and $56 million respectively « t„ 

■*»* ? r fra " < ""™' 1,1 
Tf' 1 “7*“**" ra "°f ,he 1,1 Md law enforcement in general.: Appreciating this 

Tt. W C0 ” grBS bt rareM ta legtsfatlon*, such as H R. 

1714, "The Electronic Signatures in Global and National Commerce Act," to ensure that
consumers are adequately protected in the online environment. This bill has passed the House
of Representatives and is currently the subject of a conference with the Senate.

The National Association of Attorneys General has commented on H.R. 1714 stating that

!, ’ 0PS " otimeaa 'WMely Sflect" 

° f rZ7„' T W « T ? thTOe t ^ air£ » retention of original documents, "has the 

»Ttf s:" “ for “ mMt disrov ^ ° r 


StvI^l 714 W ?! d tbM State enactments of the Uniform Electronic Transactions Act
(UETA) be consistent with the House bill, resulting in federal preemption of any state
presumption of validity of electronic signatures and transactions that is not
authorized in the House bill. The National Association of Attorneys General has opined that
this broad federal preemption would "unduly hinder the ability of the states to protect their
S consumer fraud." If States are hindered in combating consumer fraud, would
the FBI’s job in protecting the public from fraudulent online practices be made more difficult?


On its face, the provisions of H.R. 1714 which allow for the electronic storage of contracts,
agreements and records are unrelated to earlier provisions of the bill delineating what types of legal
documents may be executed by electronic signature. To the extent that Section 101(c)(1)(c) could be
interpreted as allowing for the electronic imaging and storage as an electronic record of written
contracts or agreement, the tangible originals of which would otherwise be required by law to be
maintained in tangible form, then, there could exist the potential to negatively impact certain law
enforcement investigations relating to such documents. At a minimum, the supplanting of tangible
originals (otherwise legally required to be maintained in tangible form) with electronic images
or synopses only, when coupled with destruction of the originals, would eliminate or complicate
handwriting/signature analysis and render null the possibility of recovering fingerprints or other trace

ai5I ^ ace of originals. By the same token, the provisions of section 1 01 (c)(2) which 
exempt from retention data relating to the communication or receipt of any contract, agreement or
record electronically recorded, could, in the context of electronically executed contracts, complicate
or eliminate law enforcement efforts in tracing the source of transmission of fraudulent transactions or
the location and identity of co-conspirators or even other victims. The continued trend toward
electronic, paper-less execution of commercial transactions (which is admittedly so critical to the
continued evolution and expansion of the Internet) when coupled with 1) the growing ability of
criminals to utilize encryption to restrict law enforcement’s ability to recover crucial inculpatory
evidence, and 2) the absence of any preeminent public key, or private signature verification enfitv or 

Le fraud" COmpIiCateS the efroits of the FBI and state iaw enforcement to protect the public from on- 

1. synopses only of documents can negatively impact law enforcement? 

review of complete and accurate records is often necessary in law enforcement’s
effort to help investigate crime. All records management and retention policies therefore can be said
to have an effect on law enforcement, and those policies which do not require that information be
maintained, at least in theory, can negatively impact law enforcement’s discovery of that information.

2. If states are hindered

The FBI believes that since States are the primary responders to crime in our country,
if States are hindered in combating consumer fraud, then the FBI’s job in protecting the public
from fraudulent online practices would be made more difficult.
UNITED STATES DEPARTMENT OF JUSTICE
UNITED STATES ATTORNEYS MANUAL
TITLE 9-CRIMINAL

CHAPTER 9-7.000 ELECTRONIC SURVEILLANCE

September 1997

9-7.010 Introduction

This chapter contains Department of Justice policy on the use of electronic
surveillance. The Federal electronic surveillance statutes (commonly referred
to collectively as "Title III") are codified at 18 U.S.C. § 2510, et seq. Because
of the well-recognized intrusive nature of many types of electronic surveillance,
especially wiretaps and "bugs," and the Fourth Amendment implications of the
government’s use of these devices in the course of its investigations, the
relevant statutes (and related Department of Justice guidelines) provide
restrictions on the use of most electronic surveillance, including the
requirement that a high-level Department official specifically approve the use
of many of these types of electronic surveillance prior to an Assistant United
States Attorney obtaining a court order authorizing interception.

Chapter 7 contains the specific mechanisms, including applicable approval
requirements, for the use of wiretaps, "bugs" (oral interception devices),
roving taps, video surveillance, and the consensual monitoring of wire or oral
communications, as well as emergency interception procedures and restrictions
on the disclosure and evidentiary use of information obtained through electronic
surveillance. Additional information concerning use of the various types of
electronic surveillance is also set forth in the Criminal Resource Manual

Attorneys in the Electronic Surveillance Unit of the Office of Enforcement
Operations, Criminal Division, are available to provide assistance concerning
both the interpretation of Title III and the review process necessitated
thereunder. Interceptions conducted pursuant to the Foreign Intelligence
Surveillance Act of 1978, which is codified at 50 U.S.C. § 1801, et seq., are
specifically excluded from the coverage of Title III. See 18 U.S.C. §
2511(2)(a)(ii), (2)(e), and (2)(f).

9-7.010

U.S. Attys. Man. 9-7.010
END OF DOCUMENT
UNITED STATES DEPARTMENT OF JUSTICE
UNITED STATES ATTORNEYS MANUAL

TITLE 9-CRIMINAL

CHAPTER 9-7.000 ELECTRONIC SURVEILLANCE

September 1997

9-7.100 Authorization of Applications for Wire, Oral, and Electronic
Interception Orders — Overview and History of Legislation

To understand the core concepts of the legislative scheme of Title III, one
must appreciate the history of this legislation and the goals of Congress in
enacting this comprehensive law. By enacting Title III in 1968, Congress
prohibited private citizens from using certain electronic surveillance
techniques. Congress exempted law enforcement from this prohibition, but
required compliance with explicit directives that controlled the circumstances
under which law enforcement’s use of electronic surveillance would be permitted.
Many of the restrictions upon the use of electronic surveillance by law
enforcement agents were enacted in recognition of the strictures against
unlawful searches and seizures contained in the Fourth Amendment to the United
States Constitution. See, e.g., Katz v. United States, 389 U.S. 347 (1967).
Still, several of Title III’s provisions are more restrictive than what is
required by the Fourth Amendment. At the same time, Congress preempted State law
in this area, and mandated that States that sought to enact electronic
surveillance laws would have to make their laws at least as restrictive as
Federal law.

One of Title III’s most restrictive provisions is the requirement that Federal
investigative agencies submit requests for the use of certain types of
electronic surveillance (primarily the non-consensual interception of wire and
oral communications) to the Department of Justice for review and approval before
applications for such interception may be submitted to a court of competent
jurisdiction for an order authorizing the interception. Specifically, in 18
U.S.C. § 2516(1), Title III explicitly assigns such review and approval powers
to the Attorney General, but allows the Attorney General to delegate this review
and approval authority to a limited number of high-level Justice Department
officials, including Deputy Assistant Attorneys General for the Criminal
Division ("DAAGs"). The DAAGs review and approve or deny proposed applications
to conduct "wiretaps" (to intercept wire [telephone] communications, 18 U.S.C. §
2510(1)) and to install and monitor "bugs" (the use of microphones to intercept
oral [face-to-face] communications, 18 U.S.C. § 2510(2)). It should be noted
that only those crimes enumerated in 18 U.S.C. § 2516(1) may be investigated
through the interception of wire or oral communications. On those rare occasions
when the government seeks to intercept oral or wire communications within
premises or over a facility that cannot be identified with any particularity,
and a "roving" interception of wire or oral communications is therefore being
requested, the Assistant Attorney General or the Acting Assistant Attorney
General for the Criminal Division must be the one to review and approve or deny
the application. (See the roving interception provision at 18 U.S.C. § 2518(
discussed at USAM 9-7.111.)

In 1986, Congress amended Title III by enacting the Electronic Communications
Privacy Act of 1986. Specifically, Congress added a new category of covered
communications, i.e., "electronic communications," which would now be protected,
and whose interception would be regulated, by Title III. Electronic
communications are those types of non-oral or wire communications that occur,
inter alia, over computers, digital-display pagers, and facsimile ("fax")
machines. See 18 U.S.C. § 2510(12).

.Khj l$$.§. am en dments pa rroit. any oove maent att orney to authorize tb 

electronic 

^congnuaxgattons to investigate any Federal felony <18 o/SjcTs 2M6(3lT the 
§SE«SK^t .M , .^stieTImrc^i^ss^ 

^ o actment approval would hdnedhele 

JieJw icstipns ..could be .su^ltteT "to ~ a~ , 

S32iS5ii.SSSj x .^ t J.?..|hat„£eriod , the„Depa rtroem 

^□S^^rlbnftauid 'thrSid f< 
^Wr£M h. . to application to the court for the' interception o) 

machines. Applications to the court for authorization to intercept electronic
communications over digital-display pagers—which are the most commonly targeted
type of electronic communications—may be made based solely upon the
authorization of a United States Attorney. See 18 U.S.C. § 2516(3).

unlawful use and 
:crTi*iina l7' civil, at 
of evidence, it ' is ' 
agents clearly underst 

3Pr^?i^^^rsv3jgwTOd agBroval _a.re v retired; . andlVhaT such" "a process 
entails. See 18 U.S.C. §§ 2511, 2515, 2518(10), and 2520.

See the Criminal Resource Manual at 31, for citations to relevant legislation.
9-7.100

U.S. Attys. Man. 9-7.100
END OF DOCUMENT
UNITED STATES DEPARTMENT OF JUSTICE

UNITED STATES ATTORNEYS MANUAL

TITLE 9-CRIMINAL

CHAPTER 9-7.000 ELECTRONIC SURVEILLANCE

September 1997

9-7.110 Format for the Authorization Request

and approval of a proposed application for 
ij^^e^EleM^ of the 

; -teuJaa.Bj,yl «ian 1 f OKl^sQnfo^^nt O^eratloM win' «n3uct tt, 
review of the necessary pleadings, which include:

A. The affidavit of an "investigative or law enforcement officer" of the United
States who is empowered by law to conduct investigations of, or to make arrests
for, offenses enumerated in 18 U.S.C. § 2516(1) or (3) (which, for any
application involving the interception of electronic communications, includes
any Federal felony offense), with such affidavit setting forth the facts of the
investigation that establish the basis for those probable cause (and other)
statements required by Title III to be included in the application;

B. The application by any United States Attorney or his/her Assistant, or any
other attorney authorized by law to prosecute or participate in the prosecution
of offenses enumerated in 18 U.S.C. § 2516(1) or (3) that

c-nnrt * « UJ * ^nax provides fne basis 

■ of Wire ora^ and/cr * n 0rd ? r the requested intercept! 

of wire, oral, and/or electronic communications; and

C. A set of orders to be signed by the court
or approving the interception of, the wire, oral, and/or electronic
communications that are the subject of the application, including appropriate
redacted orders to be served on any relevant providers of "electronic
communication service" (as defined in 18 U.S.C. § 2510(15)).

9-7.110

U.S. Attys. Man. 9-7.110
UNITED STATES DEPARTMENT OF JUSTICE
UNITED STATES ATTORNEYS MANUAL
TITLE 9-CRIMINAL

CHAPTER 9-60.000 PROTECTION OF THE INDIVIDUAL

September 1997

9-60.202 Illegal Electronic Eavesdropping — Prosecution Policy

The .Germinal prohibitions against illegal electronic ^ , 

- Title 111 are part of the same act which S eavesdropping contains 

f ^ r * e same act wnicn permits federal law enforcement 

■the Sir SKc* on, ^ eotrontc «»«iUtW. Congress vie 
the s^e Si L a ' Jthoriz M i0n a. two sides c 

court-authorized electronic surveillance may depend on ltt'vlL^T g& V 171 

the DepK-man^J ,*• 1 ** ex ? ctr0JUC eavesdropping. Accordingly, it i 

zna ueparument s policy uo vigorously enforce these ^ x 

The ^trrtent T rvtTi&r'ai i x prohibitions ■„ 

ptteerUv'^ Serso°riS .Cr P ° llCy Under 18 <J - SX - * is to to 

pe“ of t4 9 °l procace iile 3sl electronic surveillance » 

ox. me practice or their 'profession or ^ , * 7 

set ^ f * ' * * ■ ^ ^ incident uo their business 

uCL*Vitie$ » emphasis snoula be placed on the , 

the course of - 1 rans 7 tor v 4 v*.on of persons who 

without 'S* L5iS^ ^ i COsnmunicati on S on their own 

, *- ue «3»*5cance ox a professional wiretaooer or A»tr<ie^rAv,«»v . , 

not mean that such persons are never to be prosecuted!, but Jw^H* °! 

C v n ?f°®n Uti ? n - XS not a ma ^ or thrust of ^Department's enforcement nv-Sil™ 
rSltion 

enforcement, and [5) intra-business! The laroest^uSer^^nterLptLns 
than 75 .percent, are in the domestic relations cat^f Z 

commuLStions r wh- S ih fT— ® n< * prosecute illegal 3 interceptions ?f 
communications wmch fall within the industrial snriU^x^i „ . 

enforcement, and intra-business cateoories Generali? su!h v! f^° nege ' law 

. interstate ramifications which will make federal oroLJI!? Vioiations wili ha 

pcos eeption - Nevertheless, in esses “ « 

be. appropriate to . defer to state prosecution. 1 interest 15 slight, it 

Illegal interceptions arising from domestic relafeiftr>s rfCer,,,. 

present- less of a federal interest and therefore ?«L f lsputea 9«nerally 

appropriate. However, this do«lot w« 'that "“T** 10 !? is 

soaicate responsibility for prosecutino such iBt*»ewti<n»* C r t ? ! tt*? ,W 

the preponderance of this kind of < nterceot* on* n« -If 1 ® 3, Indeed, in view o 

effective without the initiation of some prosecution^fn^?^ prograra can b « 

United States Attorneys should develop effective li^Lln purposes 

in orOet to convince thm to shoulder their share of'the burlJ° Ca ? - ose ^ to 

private detective, attorney, o^any «pie^ Sd* 
. . of electronic surveillanr* d^A^ae rv« <**._.* 

• fteevto '-pursue these cases or refer t-w f S *,k ni ted states Attorneys should 
.pwfessikal should e ^p! orofSll \ t0 l0Cal P“*»«*tors, hoover, no , 

' eoMSCio relations violitions ohich do“^o? ? case exists. 

.are the. lowest priority cases for federal J * nvolv ? a professional intercept© 

ISStfci* n °f“ Uy 

eiOlatlotiS' ofthkj“J£ »ili e ?ometimerprSe°to”'be "j •»«»»»*«•• MwSthSh 
warrant either federal or state pS?Suti?n in «u-f insufficient magnitude 
prove . sufficient, • for example, a civil suit* for othee measures 0 $ 

suppression, of evidence m U.S.C. § 2515}* or foSi*uJ S 2520 > ' 

eavesdropping paraphernalia { 1 $ D.S.C. ^ 551 *?i si^ure 0 .. uhe wiretapping 
. ” xs hurbed persons often susoect that *Hpv a »-&**>> 

Si.fff — ’ complaint »h“h Ule « al 

the th ! tel «P^n« normally does not SUSpicious 

the laiwial line check fails to produce indepe^nrevlSrof rXo^ ti0tt 

UNITED STATES DEPARTMENT OF JUSTICE

UNITED STATES ATTORNEYS MANUAL
TITLE 9-CRIMINAL

CHAPTER 9-60.000 PROTECTION OF THE INDIVIDUAL

September 1997

9-60.262 Prosecutive Policy — 18 U.S.C. § 2512

Flagrant violators of 18 U.S.C. § 2512 should be prosecuted vigorously

a°bu S i« s r SSSS S “" h de ' ,iCeS in 0rder t0 “«•*• in •liitwnih 

£«***• <* 

"In 8fln>*>a«»« • a - T Fh l t ~, sheets tor more lenient disposition 

-24S5 J! a warning may be sufficient. Nevertheless, in all cases r 

perhaps, for minor advertising violations, the United States Attorney
should require that the prohibited device either be surrendered voluntarily to
the FBI or forfeited pursuant to 18 U.S.C. § 2513.

9-60.262

U.S. Attys. Man. 9-60.262
END OF DOCUMENT
7/20/00 6:20PM
Don Kerr's Testimony


The revisions that I just gave you do not include a fix for the problem that we just discussed, namely the
difference between T-III’s standards for interception of oral/wire communications, and those for electronic
communications. The former are set forth in 18 USC 2516(1), the latter in 18 USC 2516(3).

For the purpose of this testimony, the two main differences are:

(1) that applications under 2516(3) do not require senior level DOJ approval and (2) that they are not
limited to "certain federal felonies. Thus, if we strike the sentence at the bottom of page two/top of page
three (referring to authorization by a senior official of DOJ) and the last sentence in the first paragraph
of page three (“Further, interception of communications is limited to certain specified felony offenses”),
we will remove some of the misleading inferences as to which provision we follow when seeking court
approval to intercept e-mail. There may be other instances where the testimony suggests that we
use 2516(1) rather than 2516(3); OGC should scrub the testimony again to cSTorSSncS
[Carnivore




From: 

To: 

Subject: 



W PARKINSOf 
Carnivore 




^asa^ed ha { next week there wiii be House hearingsSthatDn Kerr and yoSSHHH 
tedSSKSlof Wi V eSd an op@nins sta!ement tfia{ wi,! ^corporate both the 

■j£nj|i|p[l 2S ' thSemlnt 9 SU y f ° r itS USe ‘ If thiS meetS with your approval - b0 ^ 

toc2id°2 Ln 8 fS tW «? c pa ? ka9e i h8t “ n be installed in box that can easily blend with other devices 
mSnifo, X P ' V- l used und8r cotJrt 3rde r; « ^ not a continous running system. The software is 

wientrf' IS 2 * 5 SS? 4 * , f k f nt t0 3 fieW off5ce when needed * ft was developed by us because we 
were not able to differentiate between customers and/or messages. Judges were authorizing very narrow

Carnivore Sffe" uo from { ° "T*! ° Uf interception up front rather that with post-minimization 

intercept ff P * d captures only those e-maiis we are authorized to intercept or wnat to 

dC \ 1hi f i{ d06S this ,housh a series of *»««. filters allow you to exclude those e-mails 

eX8mp e ’ me 5ubJect of your 0338 is represented by counsel and communSes 
with him via e-mail. You can program Carnivore so that you will not capture these e-mails Or vn . wnt 

sss is r ail his web traffis < Le - his ^K5^s£uS y n8t 

pmtedofnofinvXr 'Percepts just to web mail. Therefore, it is adauliy a privacy 

Data is not stored on the Carnivore device, it is stored on a disc or zip-drive that is locked by key by the
f9« f « droved only by «w agm s0 as to raa |„,| an «**„ ^y ^ to fto n K h Xi 

at the fifw °rf Ce f nd placed,ntoa readin 9 device. There is an additional minimization step tha ft occurs 
n ! f to ensure that the case agent does not read any e-maiis that he is not authorize to use 
h» -* ih8C8Lift °, rd f r - ^e may have information up front that aliows us to filter e-mails but there 
Since d . eterm,ne brought the course of the intercept that there are e-mails we can’t have 

fhT™ f °^ ur f ? amiVdre intercepts are not real time, we need to post minimize Once we leam that 
we Sl?« >* back to toe devica and add Sites to toe prcgtam so mat 

I attended two briefings last week. One was with the Judiciary Committee minority staffers. They
seemed more interested in understanding how Carnivore works, how long we have been using it for

m.frtSufr 0 ^ 868 3nd T re ? U,te con!en{ 0f,ce ,he y Earned that we only use Carnivore pursuant to a 
court order. They seemed quite satisfied with the briefing. 


CC: 


CHARLES STEELE,! 


WALL STREET JOURNAL

FBI’s Wiretaps To Scan E-Mail Spark Concern

By Neil King Jr. And Ted Bridis
Staff Reporters of The Wall Street Journal

WASHINGTON - The Federal Bureau of Investigation is using a superfast system called
Carnivore to covertly search e-mails for messages from criminal suspects.

Essentially a personal computer stuffed with specialized software, Carnivore represents a
new twist in the federal government’s fight to sustain its snooping powers in the Internet
age. But in employing the system, which can scan millions of e-mails a second, the FBI has
upset privacy advocates and some in the computer industry. Experts say the system opens a
thicket of unresolved legal issues and privacy concerns.

The FBI developed the Internet wiretapping system at a special agency lab at Quantico, Va.,
and dubbed it Carnivore for its ability to get to “the meat” of what would otherwise be an
enormous quantity of data. FBI technicians unveiled the system to a roomful of astonished
industry specialists here two weeks ago in order to steer efforts to develop standardized
ways of complying with federal wiretaps. Federal investigators say they have used Carnivore
in fewer than 100 criminal cases since its launch early last year.

Word of the Carnivore system has disturbed many in the Internet industry because, when
deployed, it must be hooked directly into Internet service providers’ computer network.
That would give the government, at least theoretically, the ability to eavesdrop on all
customers’ digital communications, from e-mail to online banking and Web surfing.

The system also troubles some Internet service providers, who are loath to see outside
software plugged into their systems. In many cases, the FBI keeps the secret Carnivore
computer system in a locked cage on the provider's premises, with agents making daily
visits to retrieve the data captured from the provider's network. But legal challenges to
the use of Carnivore are few, and judges’ rulings remain sealed because of the secretive
nature of the investigations.

&rc conducted only, 
under state or federal judtdsl.o^ and 
ocotjcMv^ inffepente The h%e m 
jori^f^etapscondnue^o he tetrad^ 

dSa fm*m ^ 


TO; The computer indostfy 
mo^TheFBf 




1. The FBI installs one of its off-the-shelf PCs at the Internet service provider of
the surveillance target.

2. The PC checks e-mails passing through the ISP for information that indicates
whether an e-mail is going to or from the target.

3. If it is, the PC copies the full text of the e-mail to the PC's removable hard
drive, which an FBI agent collects daily.

4. While it does analyze the destination and sender of other e-mails, Carnivore
does not retrieve their full text.

5. Once the surveillance ends (average 45 days), an FBI agent gathers the
computer from the ISP.


is growing as everyone from drug dealers to potential terrorists begins to conduct
business over the Web.

The FBI defends Carnivore as more precise than Internet wiretap methods used in the past.
The bureau says the system allows investigators to tailor an intercept operation so they
can pluck only the digital traffic of one person from among the stream of millions of
other messages. An
aptly code-named Onrni- 
1 suck In as much as to six gh 

gabytes ;of data every, hour; Mi In a less 
V'f / , 

Tv contend that Carnivore is 
: open;fo abuse>v-' Vy- V* > 

\ 4 Easchv'a former federal com* 
puter^rimes prosecutor, said the nature of 

f; tant^ri^cy quesfionsi-s&ce it SaS 
> part <jf every snippet data tramc that 

Swpast, if only to determine whether to 
record it for police, >. . ; 

; ; : "ft’s the electronic equivalent of Men- 
j Everybody’s phone calls to see if ft’s 

h w*. 7 m de ^ < aSen- 
I dons amount of Mormafiom* 

Others say the technology dramatizes 
how far the nation's laws are lagging behind 
the technological revolution. "This is 
a clever way to use old telephone-era statutes 
to meet new challenges, but clearly 
there is too much latitude in the current 
law," said Stewart Baker, a lawyer specializing 
in telecommunications and Internet 
regulatory matters. 

Robert Corn-Revere, of the Hogan & 
Hartson law firm here, represented an unidentified 
Internet service provider in one 
of the few legal fights against Carnivore. 
He said his client worried that the FBI 
would have access to all the e-mail traffic 
on its system, raising dire privacy and 
security concerns. A federal magistrate 
ruled against the company early this year, 
leaving it no option but to allow the FBI 
access to its system. 

[illegible] in desperate need of 
clarification from Congress," [illegible] 
Corn-Revere. 

[illegible] software is applied to the 
ISP, there's no check on the system," said 
Rep. Bob Barr, R-Ga., who sits on a House 
judiciary subcommittee for constitutional 
affairs. "If there's one word I would use to 
describe this, it would be 'frightening.'" 

Marcus Thomas, chief of the FBI's Cyber 
Technology Section at Quantico, said 
Carnivore represents the bureau's effort 
to keep abreast of rapid changes in Internet 
communications while still meeting 
the rigid demands of federal wiretapping 
statutes. "This is just a very specialized 
sniffer," he said. 

He also noted that criminal and civil 
penalties prohibit the bureau from placing 
unauthorized wiretaps, and any information 
gleaned in those types of criminal 
cases would be thrown out of court. Typical 
Internet wiretaps last around 45 days, 
after which the FBI removes the equipment. 
Mr. Thomas said the bureau usually 
has as many as 26 Carnivore systems on 
hand, "just in case." 

FBI experts acknowledge that Carnivore's 
monitoring can be stymied with 
computer data such as e-mail that is 
scrambled using powerful encryption technology. 
Those messages still can be captured, 
but law officers trying to read the 
contents are "at the mercy of how well it 
was encrypted," Mr. Thomas said. 

Most of the criminal cases where the 
FBI used Carnivore in the past 18 months 
focused on what the bureau calls "infrastructure 
protection," or the hunt for hackers, 
though it also was used in counterterrorism 
and some drug-trafficking cases 

By D. IAN HOPPER 
The Associated Press 

Civil libertarians and privacy groups are [illegible] against a new system designed to allow law enforcement 
agents [illegible] huge amounts of e-mail in connection with an investigation. 

[illegible] "Carnivore," was first hinted at on April 6 in testimony to a House subcommittee. Now the FBI has it in 
[illegible] e-mails for messages associated [illegible] 

In a letter addressed to two members of the House subcommittee that deals with Fourth Amendment [illegible] 
American Civil Liberties Union argued that [illegible] breaches the Internet provider's [illegible] 
customer by reading both sender and recipient addresses, as well as subject lines of e-mails, to decide whether to make a 
copy of the entire message. 

Further, while the system is plugged into the Internet provider's systems, it is controlled [illegible] enforcement agency. 
In a traditional wiretap, the tap is physically placed and maintained by the telephone company. 

[illegible] 

And even then, he said, the data mined by Carnivore, particularly subject lines, are already intrusive. 

[illegible] who heads the House Judiciary subcommittee on the Constitution, said the 
congressman had no comment on the letter. 

In testimony to Canady's subcommittee, Robert Corn-Revere, a lawyer at the Hogan & Hartson [illegible] he 
represented an Internet provider that refused to install the Carnivore system. The [illegible] provider was placed in an 
"awkward position," Corn-Revere said, because the company feared suits from customers unhappy with the government 
looking into all the [illegible] 

"It was acknowledged (by the government) that Carnivore would enable remote access to the ISP's network and would be under 
the exclusive control of government agents," Corn-Revere said. 

Corn-Revere told the committee that current law is insufficient to deal with Carnivore's potential [illegible] 
connection to telephone [illegible] 

not reveal the name of his client, [illegible] the client lost the case. He said the FBI has been using Carnivore since [illegible] 

[illegible] Dempsey, senior staff counsel at the Center for Democracy and Technology, said the main problem with Carnivore is 
[illegible] "Not even the ISP knows exactly what 

[illegible] would not allow the Internet [illegible] 
everything to the FBI [illegible] The carriers complained that they [illegible] 

[illegible] 

[illegible] Wall Street Journal that the bureau has about 20 
[illegible] said Carnivore meets current wiretapping laws, but is designed 
to keep up with the Internet. 

[illegible] done with an e-mail encoding program like PGP, [illegible] 

[illegible] 

"[illegible] an open-source product," he said, "then the secret is gone." 

On the Net: 
Federal Bureau of Investigation: http://www.fbi.gov 
American Civil Liberties Union: http://www.aclu.org 
Center for Democracy and Technology: http://www.cdt.org 
Pretty Good Privacy (PGP): www.pgp.com 

Stop Snooping on E-mail 

(APBnews.com) - The pressure is mounting on the Justice Department to 
[illegible] new FBI wiretap system [illegible] 
that [illegible] 
access to vast amounts of e-mail traffic. 

The so-called Carnivore system, which has come under fire from lawmakers as well as civil 
liberties groups since revelations about its existence 
surfaced last week, gives the FBI widespread access to monitor Internet service providers. 

[illegible] this week urging her to put the wiretap system on hold until privacy concerns are 

££3SSr:C C0Kems “ a “” **— 

Ca “ E '^ ‘^.^.Obeapubnc 

going on for a year and nobody knew.” 

Reno ordered review- 

or<,erai a re ™ w ° f 1 te - *- «* 

today, 

w“^! she “" deBlan ‘ b * md fct * is *#* 

adequately addressed.” * • 

'The keys to the kingdom' 

Rep. Bob Barr - who described the Carnivore system surveillance abilities as "frightening" - 
may demand similar restraints at a congressional 
oversight hearing on the program next Monday, a spokesman said. 

[illegible] Alexander, a spokesman for the Georgia 
Republican [illegible] 

Civil libertarians, also outraged at the extent of the FBI's ability to monitor the e-mails of 
innocent people, also want Carnivore suspended. 

Barry Steinhardt, who is scheduled to testify [illegible] American Civil Liberties Union Associate Director 
[illegible] 

"[illegible] expect us to trust them. [illegible] don't. They have [illegible] of communications, and they 
[illegible] abuse and stretching the limits of what they are entitled to." 

A critical tool, FBI says 

agency wants ^ ftTpublte l>w C^iTOre 1 ™™ Sp ° te ™“' Paul Brcsson ' w 110 U>= 

are." 

2;-*^*^ ,he !ys,cm 8ives agen,s fc » 

m a ' Wi '" aPS haV<! “ ‘° COm ' iC,i °" S ° n5 - 600 **» to 1 3 years, according ,o .he 
New wiretap rules sought 

[illegible] Chief of Staff John [illegible] announced 
proposals that would require a [illegible] 

The ACLU said the White House did not go far enough in its response to increasing government 
surveillance powers. 

[illegible] should have "disavowed" Carnivore, he said, when the administration 
[illegible] 

The ACLU on Friday filed a Freedom of Information Act request for the source code, or 
computer program instructions, and other technical [illegible] 
[illegible] program. [illegible] FOIA rules and 

BOB BARR 

CONGRESS OF THE UNITED STATES 

1207 LONGWORTH HOUSE BUILDING 
WASHINGTON, D.C. 20515-1007 


July 24, 2000 


COMMITTEES 

JUDICIARY 

BANKING AND FINANCIAL SERVICES 
GOVERNMENT REFORM 

Subcommittee on [illegible] 
Drug Policy, and Human Resources 
VICE CHAIRMAN 


The Honorable Louis J. Freeh 
Director 
Federal Bureau of Investigation 
935 Pennsylvania Avenue NW 
Washington, D.C. 20535-0001 


IN RE: Request for Information Pertaining to Carnivore System. 

Dear Director Freeh: 

In light of the recent disclosure of the Bureau's use of Carnivore, and given the 
substantial public interest in this matter, I hereby ask to review all records concerning 
the Carnivore system. 

Included in the records should be: 

* A description of Carnivore's capability 

* A history of Carnivore's development and use 

* The number of cases in which Carnivore has been used, and the number of 
Internet Service Providers (ISP) that have had the system installed. 

* An analysis of the legal issues the Bureau considered before deploying the 
system. 

While I would welcome any explanatory information the Bureau is willing to provide 
in response to my inquiry, I am requesting the original, source documents 
themselves, and would like to receive them before August 7, 2000. Given the 
potential impact on the public of Carnivore, I would like to make the material I 
receive public, and would like the Bureau to authorize this public release. 

Thank you for your cooperation. If you have any questions, please contact my 
Legislative Counsel, Keri Allin, at 202/225-2931. I look forward to reviewing the 
information. 

BB:ka 

cc: The Honorable Janet Reno 
The Honorable Dennis Hastert 
The Honorable Richard Armey 
The Honorable Tom DeLay 
The Honorable J.C. Watts 
The Honorable Dan Burton 
The Honorable Henry Hyde 
The Honorable Charles Canady 
The Honorable Bill McCollum 

Washington 

IN 1928, the Supreme Court took up the case of Roy (Big Boy) Olmstead, a 
bootlegger whose phones had been tapped by federal agents without a warrant. 
The court ruled that evidence obtained in that way was legal, prompting a 
remarkable dissent by Judge Louis D. Brandeis. 

"The progress of science in furnishing the government with the means of 
espionage is not likely to stop with wiretapping," Justice Brandeis wrote in a 
dissent that the court adopted as the law nearly 40 years later. "Ways may some 
day be developed by which the government, without removing papers from secret 
drawers, can reproduce them in court, and by which it will be enabled to expose 
to a jury the most intimate occurrences of the home." 

Thanks to the ubiquity of e-mail and the ingenuity of the F.B.I., that day has 
arrived. Over the last couple of weeks it has been widely reported that the 
F.B.I. is now using a computer program called Carnivore, which, once installed 
on the network of an Internet service provider, can troll through millions of 
e-mail messages and hone in on the electronic correspondence of suspects. 

So far, the F.B.I. has reported using the program fewer than 25 times since it 
was developed 18 months ago, but that number is expected to grow quickly, since 
the bureau expects it to become an indispensable law enforcement tool, 
particularly in international espionage and terrorism cases. 

That's fine, say critics, but Carnivore is also capable of simultaneously 
monitoring the communications of people not suspected of a crime. That has 
caused civil liberties groups and privacy advocates to worry that the technology 
might be used to monitor unpopular groups or political enemies, and not just 
suspected criminals. 

Last week, as lawmakers on Capitol Hill began voicing their concerns, the White 
House moved to calm the growing storm. John Podesta, the president's chief of 
staff, [illegible] that would set [illegible] requirements for surveillance in 
cy[illegible] 

Everyone agrees that some kind of legislation is needed to make sense of the 
existing [illegible] of laws and court [illegible]. At present [illegible] cable 
modem is more [illegible] 

The White House proposed replacing these illogical distinctions with a uniform, 
rational set of standards. Civil liberties and privacy groups support this idea 
in principle, but are highly critical of the administration for refusing to 
explain how broadly it intends to use Carnivore or to describe what safeguards 
are in place for preventing its abuse. 

Law enforcement officials say that computer systems like Carnivore are necessary 
because e-mail is becoming more frequently used for communication among 
criminals. And the officials note that these cybermonitors can actually be set 
to record communications much more selectively than a phone tap. Carnivore 
could, for instance, be programmed to pick up the e-mail from only one sender 
and a particular computer, while excluding such e-mail as messages to or from, 
say, the sender's lawyer or wife. Phone taps, on the other hand, pick up 
everything. 

At a news briefing on Friday, top F.B.I. officials also announced plans to 
submit Carnivore to analysis by independent academics, and noted that the system 
kept a log of what it was asked to pick up, which could be used by a court to 
spot any violations. 

In making their case, supporters of cybersurveillance say that the only way to 
track e-mail is by combing through all of the messages on a particular network, 
because e-mail consists of a series of digital packets that are broken apart at 
the sending end and transmitted along multiple electronic paths before being 
reconstituted by the recipient's computer. 

Nonetheless, privacy groups and some Internet service providers, or I.S.P.'s, 
say there remains a less intrusive alternative. The providers, like AOL or the 
Microsoft Network, could be ordered by a court to turn over specific material, 
rather than give the F.B.I. unlimited access to a network. That is precisely how 
telephone companies are treated; they cooperate with warrants for wiretaps and 
lists of telephone numbers called from a particular phone. 

"The real question is who should be in control," said James X. Dempsey, staff 
attorney for the Center for Democracy and Technology. [illegible] enforcement 
[illegible] kick the companies out of the way, hook up a black box, and say, 
[illegible]" 

Other experts said that it was time for a reappraisal of all the standards used 
by the [illegible]tored by computers and more easily masked by encryption. 

As even household appliances begin to be wired into the Internet and many of our 
most personal thoughts and associations are now shared with the computer, the 
issue has taken on a new imperative and is being debated on a global scale. 

THE British government (whose house-to-house searches in the English colonies 
led to the Fourth Amendment prohibition against unreasonable searches) is near 
to adopting a law, the Regulation of Investigatory Powers Bill, or R.I.P., that 
would require Internet service companies to finance the permanent installation 
of a Carnivore-like system for government use. 

A similar system is already in place in Russia, while in the Netherlands a 
debate is raging over whether the government should have the authority to tap 
into e-mail at all. 

"This debate really cries out for a return to first principles," said Marc 
Rotenberg, director of the Electronic Privacy Information Center, a research 
organization that studies privacy issues and technology. 

Statement for the Record of 
Donald M. Kerr, Assistant Director 
Laboratory Division 

Before the 

United States House of Representatives 
The Committee on the Judiciary 
Subcommittee on the Constitution 
Washington, D.C. 


Carnivore Diagnostic Tool 


Good afternoon, Mr. Chairman, and Members of the Subcommittee. I am grateful for this 
opportunity to discuss the Internet and data interception capabilities developed by 
the Federal Bureau of Investigation. The use of computers and the Internet is growing 
rapidly, paralleled by exploitation of computers, networks, and data bases to commit 
crimes and to harm the safety, security, and privacy of others. Criminals use 
computers to send child pornography to each other using anonymous, encrypted 
communications; hackers break into financial service companies systems and steal 
customer home addresses and credit card information; criminals use the Internet's 
inexpensive and easy communications to commit large scale fraud on victims all over 
the world; and terrorist bombers plan their strikes using the Internet. Investigating and 
deterring such wrongdoing requires tools and techniques designed to work with new 
evolving computers and network technologies. The systems employed must strike a 
reasonable balance between competing interests - the privacy interests of 
telecommunications users, the business interest of service providers, and the duty of 
government investigators to protect public safety. I would like to discuss how the FBI 
is meeting this challenge in the area of electronic mail interception. 

Two weeks ago, the Wall Street Journal published an article entitled "FBI's system to 
covertly search E-mail raises privacy, legal issues." This story was immediately 
followed by a number of similar reports in the press and other media depicting our 
Carnivore system as something ominous and raising concerns about the possibility of 
its potential to snoop, without a court order, into the private E-mails of American 
citizens. I think that it is important that this topic be discussed openly - and in fact this 
was the reason we chose to share information about this capability with industry 
experts several weeks ago. It is critically important as technology, and particularly 
communications technology, continues to evolve rapidly, that the public be 
guaranteed that their Government is observing the [illegible] 

The FBI performs interceptions of criminal wire and electronic communications, 
including Internet communications, under authorities derived from Title III of the 
Omnibus Crime Control and Safe Streets Act of 1968 (as amended), commonly 

[illegible] any person who was a party to an intercepted [illegible] 
against whom an interception was directed [illegible] 
authorizing or approving the interception was insufficient on its face [illegible] 
was not in conformance [illegible] 

[illegible] or both. In addition, any person whose communications are [illegible] 
against the person or entity engaged in the violation. 

[illegible] agency [illegible] 

[illegible] person is according the person whose [illegible] landlord, custodian, or 
[illegible] be intercepted. In practice, judges may sign two orders: [illegible] 
authorizing the law enforcement agency to conduct the electronic surveillance and 
[illegible] assistance order directed to the service provider, specifying, for [illegible] 

[illegible] It is for this [illegible] among others, that service providers [illegible] 
the final interception product, but, in many cases, service [illegible] 
to seek, and for judges to issue, the [illegible] 

[illegible] discrimination than older analog communications. For example, Internet 
users frequently use electronic messaging services, like E-mail, to [illegible] 
individuals in a manner reminiscent of a telephone call [illegible]. Such messages are 
often the targets of court ordered interception. Users also use services, like the world 
wide web, which looks more [illegible] a phone call. Similarly, some 
Internet services, like streaming video, have more in common with broadcast media 

[illegible] cases, these abilities are satisfactory and allow [illegible] end user accounts. In such 
[illegible] a court order. [illegible] cases, ISPs do not have such capabilities or cannot 
[illegible] a secure manner. [illegible] 

[illegible] ISP [illegible] interception order. The FBI also depends [illegible] 


Another primary consideration for using the Carnivore system is data integrity. As you 
know, Rule 901 of the Federal Rules of Evidence requires the authentication of 
evidence as a precondition for admissibility. The use of the Carnivore system by 
the FBI to intercept and store communications provides for an undisturbed chain of 
custody by providing a witness who can testify to the retrieval of the evidence and the 
process by which it was recorded. Performance is another key reason for preferring 
this system to commercial sniffers. Unlike commercial software sniffers, Carnivore is 
designed to intercept and record the selected communications comprehensively, 
without "dropped packets." 

In conclusion, I would like to say that over the last five years or more, we have 
[illegible] steady growth in instances of computer-related crimes, 
including traditional crimes and terrorist activities which have been planned or carried 
out, in part, [illegible] the Internet. [illegible] dependent upon [illegible] 
to lawfully collect vital evidence of wrongdoing. As the Internet becomes more 
complex, so do the challenges placed on us to keep pace. We could not do so without 
the continued cooperation of our industry partners and innovations such as the 
Carnivore software. I want to stress that the FBI does not conduct interceptions, install 
and operate pen registers, or use trap & trace devices, without lawful authorization 
from a court. 

I look forward to working with the Subcommittee staff to provide more information and 
welcome your suggestions on this important issue. I will be happy to answer any 
questions that you may have. Thank you. 

Statement for the Record of 
Donald M. Kerr 
Assistant Director 

Federal Bureau of Investigation 

Before the 

United States House of Representatives 

The Committee on the Judiciary 

Subcommittee on the Constitution 
Washington, D.C. 

7/24/2000 

Good afternoon, Mr. Chairman, and Members of the Subcommittee. I am grateful for this 
opportunity to discuss the Internet and data interception capabilities developed by the Federal 
Bureau of Investigation. The use of computers and the Internet is growing rapidly, paralleled by 
exploitation of computers, networks, and data bases to commit crimes and to harm the safety, 
security, and privacy of others. Criminals use computers to send child pornography to each other 
using anonymous, encrypted communications; hackers break into financial service companies 
systems and steal customer home addresses and credit card information; criminals use the 
Internet's inexpensive and easy communications to commit large scale fraud on victims all over 
the world; and terrorist bombers plan their strikes using the Internet. Investigating and deterring 
such wrongdoing requires tools and techniques designed to work with new evolving computers and 
network technologies. The systems employed must strike a reasonable balance between competing 
interests - the privacy interests of telecommunications users, the business interest of service 
providers, and the duty of government investigators to protect public safety. I would like to 
discuss how the FBI is meeting this challenge in the area of electronic mail interception. 

Two weeks ago, the Wall Street Journal published an article entitled "FBI's system to covertly 
search E-mail raises privacy, legal issues." This story was immediately followed by a number of 
similar reports in the press and other media depicting our Carnivore system as something ominous 
and raising concerns about the possibility of its potential to snoop, without a court order, into the 
private E-mails of American citizens. I think that it is important that this topic be discussed 
openly - and in fact this was the reason we chose to share information about this capability with 
industry experts several weeks ago. It is critically important as technology, and particularly 
communications technology, continues to evolve rapidly, that the public be guaranteed that their 
government is observing the statutory and constitutional protections which they demand. It is also 
very important that these discussions be placed into their proper context and that the relevant facts 
concerning this issue are made clear. I welcome this opportunity to stress that our intercept 
capabilities are used only after court approval and that they are directed at the most egregious 
violations of national security and public safety. 

The FBI performs interceptions of criminal wire and electronic communications, including Internet 
communications, under authorities derived from Title III of the Omnibus Crime Control and Safe 
Streets Act of 1968 (as amended), commonly referred to as "Title III", and portions of the 
Electronic Communications Privacy Act of 1986 (as amended), or "ECPA". Such federal 
government interceptions, with the exception of a rarely used "emergency" authority or in cases 
involving the consent of a participant in the communication, are conducted pursuant to court 
orders. Under emergency provisions, the Attorney General, the Deputy or the Associate Attorney 
General may, if authorized, initiate electronic surveillance of wire or electronic communications 
without a court order, but only if an application for such order is made within 48 hours after the 
surveillance is initiated. 

Federal surveillance laws apply the Fourth Amendment's dictates concerning reasonable searches 
and seizures, and include a number of additional provisions which ensure that this investigative 
technique is used judiciously, with deference to the privacy of intercepted subjects and with 
deference to the privacy of those who are not the subject of the court order. 

For example, unlike search warrants for physically searching a house, under Title III, applications 
for interception of wire and electronic communications require the authorization of a high-level 
Department of Justice (DOJ) official before the local United States Attorney's offices can make an 
application to a federal court. Unlike typical search warrants, federal magistrates are not 
authorized to approve such applications and orders; instead, the applications are viewed by federal 
district court judges. Further, interception of communications is limited to certain specified federal 
felony offenses. 

Applications for electronic surveillance must demonstrate probable cause and state with 
particularity and specificity: the offenses being committed, the telecommunications facility or 
place from which the subject's communications are to be intercepted, a description of the type of 
conversations to be intercepted, and the identities of the persons committing the offenses and 
anticipated to be intercepted. Thus, criminal electronic surveillance laws focus on gathering hard 
evidence - not intelligence. 

[illegible] indicate that other normal investigative techniques have been tried and failed to 
gather evidence of crime, or will not work, or are too dangerous, and must include information 
[illegible] electronic surveillance regarding the subject or facility in question. Court 
[illegible] 30 days, with extensions possible, and must terminate sooner if the 
objectives are met. Judges may, and usually do, require periodic reports to the court, typically 
every 7 to 10 days, advising it of the progress of the interception effort. This assures close and 
ongoing oversight of the electronic surveillance by the United States Attorney's office handling 
the case and frequently by the court as well. Interceptions are required to be conducted in such a 
way as to "minimize the interception of communications not otherwise subject to interception" 
under the law, such as unrelated, irrelevant, and non-criminal communications of the subjects or 
others not named in the application. 

To ensure the evidentiary integrity of intercepted communications they must be recorded, if 
possible, on magnetic tape or other devices, so as to protect the recording from editing or other 
alterations. Immediately upon the expiration of the interception period, these recordings must be 
presented to the federal district court judge and sealed under his or her directions. The presence of 
the seal is a prerequisite for their use or disclosure, or for the introduction of evidence derived from 
the tapes. Applications and orders signed by the judge are also to be sealed by the judge. 

Within a reasonable period of time after the termination of the intercept order, including extension, 
the judge is obligated by law to ensure that the subject of the interception order, and other parties 
as are deemed appropriate, are furnished an inventory, that includes notice of the order, the dates 
during which the interceptions were carried out, and whether or not the communications were 
intercepted. Upon motion, the judge may also direct that portion of the contents of the intercepted 
communication be made available to affected persons for their inspection. 

Under Title III, any person who was a party to an intercepted communication or was a party against 
whom an interception was directed may in any trial, hearing, or other proceeding move to suppress 
the contents of any intercepted communication or any evidence derived therefrom if there are 
grounds demonstrating that the communication was not lawfully intercepted, the order authorizing 
or approving the interception was insufficient on its face or the interception was not in 
conformance with the order. 

The illegal, unauthorized conduct of electronic surveillance is a federal criminal offense 

+ 

punishable by imprisonment for up to five years, a fine, or both. In addition, any person whose 
communications are unlawfully intercepted, disclosed, or used, may recover in a civil action 
damages, including punitive damages, as well as attorney’s fees and other costs against the person 
or entity' engaged in the violation. 

The technical assistance of service providers in helping a law enforcement agency execute an 
electronic surveillance order is always important, and in many cases it is absolutely This 

is increasingly the case with the advent of advanced communication services and networks such as 
the Internet Title III mandates service provider assistance incidental to law enforcement’s 

5 
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a court order authorizing the 


telecommunications “service provider, landlord, custodian, or other person shall furnish the 

■* *, ' \ . \ • < \ . . . r • 

applicant forthwith all information, facilities, and technical assistance necessary to accomplish the 
interception unobtrusively and with a minimum of interference with the services that such service 
provider, landlord, custodian, or person is according the person whose communications are to be 
intercepted. In practice, judges may sign two orders: one order authorizing the law enforcement 
agency to conduct the electronic surveillance, and a second, abbreviated, assistance order directed 
to the service provider, specifying, for example, in the case of E-mail, the E-mail account name of 
the subject that is the object of the order and directing the provision of necessary' assistance. 


Service providers and their personnel are also subject to the electronic surveillance laws, meaning 
that unauthorized electronic surveillance of their customers (or anyone else) is forbidden, and 
criminal and civil liability may be assessed for violations. Not only are unauthorized interceptions 
proscribed, but so also is the use or disclosure of the contents of communications that have been 
illegally intercepted. It is for this reason, among others, that service providers typically take great 
care in providing assistance to law enforcement in carrying out electronic surveillance pursuant to 
court order. In some instances, service providers opt to provide “full” service, essentially carrying 
out the interception for law enforcement and providing the final interception product, but, in many 
cases, service providers are inclined only to provide the level of assistance necessary to allow the 
law enforcement agency to conduct the interception. 
In recent years, it has become increasingly common for the FBI to seek, and for judges to issue, 
orders for Title III interceptions which are much more detailed than older orders which were 
[illegible] against “plain old telephone services.” These detailed orders, in order to be successfully 
implemented, require more sophisticated techniques to ensure that only messages for which there 
[illegible] to intercept are, in fact, intercepted. The increased detail in court orders 
responds to two facts. 


First, the complexity of modern communications networks, like the Internet, and the complexity of 
modern users’ communications demand better discrimination than older analog communications. 
For example, Internet users frequently use electronic messaging services, like E-mail, to 
communicate with other individuals in a manner reminiscent of a telephone call, only with text 
instead of voice. Such messages are often the targets of court ordered interception. Users also use 
services, like the world wide web, which looks more like print media than a phone call. Similarly, 
some Internet services, like streaming video, have more in common with broadcast media like 
television, than with telephone calls. These types of communications are less commonly the 
targets of an interception order. 

Second, for many Internet services, users share communications channels, addresses, etc. These 
factors make the interception of messages for which law enforcement has court authorization, to 
the exclusion of all others, very difficult. Court orders, therefore, increasingly include detailed 
instructions to preclude the interception of communications that lie outside the scope of the order. 
In response to a critical need for tools to implement complex court orders, the FBI developed a 
number of capabilities including the software program called “Carnivore.” Carnivore is a very 
specialized network analyzer or “sniffer” which runs as an application program on a normal 
personal computer under the Microsoft Windows operating system. It works by “sniffing” the 
proper portions of network packets and copying and storing only those packets which match a 
finely defined filter set programmed in conformity with the court order. This filter set can be 
extremely complex, and this provides the FBI with an ability to collect transmissions which 
comply with pen register court orders, trap & trace court orders, Title III interception orders, etc. 


It is important to distinguish now what is meant by “sniffing.” The problem of discriminating 
between users’ messages on the Internet is a complex one. However, this is exactly what 
Carnivore does. It does NOT search through the contents of every message and collect those that 
contain certain key words like “bomb” or “drugs.” It selects messages based on criteria expressly 
set out in the court order, for example, messages transmitted to or from a particular account or to or 
from a particular user. If the device is placed at some point on the network where it cannot 
discriminate messages as set out in the court order, it simply lets all such messages pass by 
unrecorded. 

One might ask, “why use Carnivore at all?” In many instances, ISPs, particularly the larger ones, 
maintain capabilities which allow them to comply, or partially comply with lawful orders. For 
example, many ISPs have the capability to “clone” or intercept, when lawfully ordered to do so, 
E-mail to and from specified user accounts. In such cases, these abilities are satisfactory and allow 
full compliance with a court order. However, in most cases, ISPs do not have such capabilities or 
cannot employ them in a secure manner. Also, most systems devised by service providers or 
purchased “off the shelf” lack the ability to properly discriminate between messages in a fashion 
that complies with the court order. Also, many court orders go beyond E-mail, specifying other 
protocols to be intercepted such as instant messaging. In these cases, a cloned mailbox is not 
sufficient to comply with the order of the court. 


Now, I think it is important that you understand how Carnivore is used in practice. First, there is 
the issue of scale. Carnivore is a small-scale device intended for use only when and where it is 
needed. In fact, each Carnivore device is maintained at the FBI Laboratory in Quantico until it is 
actually needed in an active case. It is then deployed to satisfy the needs of a single case or court 
order, and afterwards, upon expiration of the order, the device is removed and returned to 
Quantico. 


The second issue is one of network interference. Carnivore is safe to operate on IP networks. It is 
connected as a passive collection device and does not have any ability to transmit anything onto the 
network. In fact, we go to great lengths to ensure that our system is satisfactorily isolated from the 
network to which it is attached. Also, Carnivore is only attached to the network after consultation 
with, and with the agreement of, technical personnel from the ISP. 


This, in fact, raises the third issue - that of ISP cooperation. To date, Carnivore has, to my 
knowledge, never been installed onto an ISP’s network without assistance from the ISP’s technical 
[illegible] the technical knowledge of the ISP’s personnel, 
[illegible] and in some instances impossible for law enforcement agencies to 
[illegible] of an interception order. The [illegible] 
also depends upon the ISP personnel to understand the protocols and architecture of their particular 
networks. 


Another primary consideration for using the Carnivore system is data integrity. As you know, Rule 
901 of the Federal Rules of Evidence requires the authentication of evidence as a precondition for 
its admissibility. The use of the Carnivore system by the FBI to intercept and store 
communications provides for an undisturbed chain of custody by providing a witness who can 
testify to the retrieval of the evidence and the process by which it was recorded. Performance is 
another key reason for preferring this system to commercial sniffers. Unlike commercial software 
sniffers, Carnivore is designed to intercept and record the selected communications 
comprehensively, without “dropped packets.” 


In conclusion, I would like to say that over the last five years or more, we have witnessed a 
[illegible] crimes, including traditional crimes and 
[illegible] planned or carried out, in part, using the Internet. The ability of 
the law enforcement community to effectively investigate and prevent these crimes is, in part, 
dependent upon our ability to lawfully collect vital evidence of wrongdoing. As the Internet 
becomes more complex, so do the challenges placed on us to keep pace. We could not do so 
[illegible] cooperation of our industry partners and innovations such as the Carnivore 
[illegible] I want to stress that the FBI does not conduct interceptions, install and operate pen 
[illegible] devices, without lawful authorization from a court. 

I look forward to working with the Subcommittee staff to provide more information and welcome 
your suggestions on this important issue. I will be happy to answer any questions that you may 
have. Thank you. 
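
The selection behaviour the statement describes (keep only traffic to or from the account named in the order, never select by keyword, and let traffic that cannot be discriminated pass unrecorded) is sketched below as an added example; it is not FBI code and not part of the released record. The `Order` fields, the session format and every address are constructed assumptions.

```python
import re
from dataclasses import dataclass

# SMTP envelope commands only; message headers such as "To:" deliberately do not match.
ENVELOPE_CMD = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^<>\s]+@[^<>\s]+)>", re.I)


@dataclass(frozen=True)
class Order:
    """Hypothetical stand-in for the scope written into a court order."""
    target: str  # the single account the order names
    mode: str    # "pen" = addressing only, "content" = full message


# Constructed sessions sharing one link: (session id, client-side lines).
SESSIONS = [
    ("s1", ["MAIL FROM:<alice@example.org>", "RCPT TO:<Suspect@Example.net>",
            "DATA", "Subject: lunch", "", "Noon on Friday?", "."]),
    # Out of scope even though it contains a "key word".
    ("s2", ["MAIL FROM:<bob@example.com>", "RCPT TO:<carol@example.com>",
            "DATA", "Subject: bomb squad fundraiser", "", "Tickets attached.", "."]),
    ("s3", ["MAIL FROM:<suspect@example.net>", "RCPT TO:<dave@example.org>",
            "RCPT TO:<erin@example.org>", "DATA", "Subject: re: lunch", "", "Yes.", "."]),
    # Capture began mid-session: headers are visible but the envelope is not.
    ("s4", ["To: <suspect@example.net>", "Subject: hello", "", "Hi.", "."]),
]


def split_session(lines):
    """Split client lines into (envelope commands, message lines)."""
    for i, line in enumerate(lines):
        if line.strip().upper() == "DATA":
            body = lines[i + 1:]
            if "." in body:
                body = body[:body.index(".")]  # lone dot ends the message
            return lines[:i], body
    return lines, []


def envelope(commands):
    """Return (sender, recipients), or None when the envelope cannot be read."""
    sender, rcpts = None, []
    for line in commands:
        m = ENVELOPE_CMD.match(line.strip())
        if not m:
            continue
        if m.group(1).upper() == "MAIL FROM":
            sender = m.group(2).lower()
        else:
            rcpts.append(m.group(2).lower())
    return (sender, rcpts) if sender and rcpts else None


def select(order, sessions):
    """Apply the order to every session; return (retained records, audit log)."""
    target = order.target.lower()  # assumption: addresses compared case-insensitively
    retained, audit = [], []
    for sid, lines in sessions:
        commands, body = split_session(lines)
        env = envelope(commands)
        if env is None:
            # Cannot tell whose message this is, so nothing is stored.
            audit.append((sid, "passed: envelope unreadable"))
            continue
        sender, rcpts = env
        if target != sender and target not in rcpts:
            audit.append((sid, "passed: out of scope"))
            continue
        record = {"id": sid, "from": sender, "to": rcpts}
        if order.mode == "content":
            record["message"] = body  # pen mode never stores message lines
        retained.append(record)
        audit.append((sid, "retained: " + order.mode))
    return retained, audit


if __name__ == "__main__":
    for entry in select(Order("suspect@example.net", "content"), SESSIONS)[1]:
        print(entry)
```

The audit log records a decision for every session, including those passed unrecorded, which is the kind of trail a reviewer would need to confirm that nothing outside the order's scope was retained.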


FBI Makes Case 
[illegible] Fire on Hill 

[illegible] Staff Writer 

Federal law enforcement officials defended “Carnivore” - the FBI’s controversial Internet 
wiretap system - through more than two acrimonious hours of grilling by Democratic and 
Republican lawmakers yesterday, painting a chilling picture of an Internet that would become a 
safe haven for crooks and terrorists without proper surveillance. 

“Criminals use computers to send child pornography to each other,” FBI Assistant Director 
Donald M. Kerr told the House Judiciary subcommittee on the Constitution. “Hackers break into 
financial service companies’ systems and steal customers’ home [illegible] credit-card numbers, 
criminals use the Internet’s inexpensive and easy communications to commit large-scale fraud 
[illegible] 

“Criminals use computers to send child pornography to each other,” said FBI official Donald M. Kerr. 

Many of the lawmakers seemed [illegible] concerned with the actions of the law enforcement 
officers. “The potential for abuse here is tremendous,” said Rep. Spencer Bachus (R-Ala.). 
“What you’re saying is ‘Trust us.’” 

Carnivore is [illegible] program known as a “packet sniff- 

Civil liberties groups and Internet service providers say the system raises troubling questions 
about what constitutes a reasonable search and seizure of electronic data. In sniffing out potential 
criminal conduct, they note, the new technology also could scan private information about legal 
activities, taking in vast amounts of information from innocent people as well as the suspect. 

The critics also note that past experience has shown that law enforcement has overstepped its 
wiretap authority numerous times in the past. 

[illegible] Steinhardt, associate [illegible] 

[illegible] the ability to quickly collect just the “to” and “from” information in e-mail messages, 
for example, and not online banking transactions. That type of information [illegible] the 
equivalent of the telephone world’s “pen register” and “trap and trace” data - the [illegible] and 
destination of all calls related to the subject. 

[illegible] a wiretap capable of accessing the contents of the conversations of all the phone 
company’s customers, with the ‘assurance’ that the FBI will record only conversations of the 
specified [illegible]. 

Internet service pro- [illegible] publish information on the software used so that ISPs can be sure 
that it does what the agency says. 

The law enforcement officials pledged to present the system to a neutral third party for review but 
said they cannot release so much information about the system that it will become a target for 
evasion and hacking. 

They insisted the Carnivore system actually provides greater privacy than previous methods of 
gathering electronic information because it can fine-tune what the machine hands over to 
investigators. 

The FBI’s Kerr also argued that agents won’t “risk their integrity, their jobs and their futures” by 
abusing the law. 

The toughest questioning came from Reps. Jerrold Nadler (D-N.Y.) and Robert L. Barr Jr. 
(R-Ga.), two congressmen rarely on the same side of an issue. Nadler peppered the officials with a 
series of questions that underscored the point that Carnivore, under the laws that govern 
pen-register surveillance, could be used without the difficult showing of “probable cause” required 
in a telephone wiretap. 

Barr cited the investigation of missing White House e-mail and sarcastically said the Clinton 
administration asserts that “we don’t even know how to keep track of our own e-mail” while “now 
we see a [illegible] track of other people’s e-mail.” 

After the hearing, House Majority Leader Richard K. Armey issued a statement saying [illegible] 
of both parties showed “strong [illegible] protection [illegible].” 

“Until these concerns are [illegible] Carnivore should be shut down.” 

5/24/02 Release - Page 


WALL STREET JOURNAL 

Panel Debates Carnivore 

[illegible] of The Wall Street Journal 

[illegible] Federal Bureau [illegible] defended its Carnivore Internet surveillance software to a 
largely [illegible] congressional oversight panel, telling lawmakers that the electronic [illegible] 
system is used only when [illegible] and needed to protect citizens from criminals and terrorists. 

[illegible], the FBI yesterday announced a new tamperproof auditing mechanism for Carnivore 
that it said will allow federal judges and others to review during each investigation how the system 
monitors a suspect’s e-mail. And the FBI said it plans to show Carnivore’s [illegible] workings to 
an organization that it will select to prove that the system works [illegible] as described by the 
government. 

Members of the House Judiciary Subcommittee on the Constitution pressed FBI and Justice 
Department officials yesterday to prove that only e-mail and other Internet communications from 
criminals [illegible] 

[illegible] committee, told them, “You can understand the skepticism” of some people [illegible] 

[illegible] here is tremendous, don’t you agree?” added Rep. Spencer Bachus (R., Ala.). 

[illegible] agree [illegible] FBI General Counsel [illegible]. And Donald Kerr, head of the FBI 
laboratory where Carnivore was developed, added that the software’s use is [illegible] internal 
reviews, and [illegible] be a felony. “We don’t [illegible] everybody wouldn’t [illegible] there 
[illegible] that would reduce [illegible] efforts.” But after [illegible] that Carnivore captures 
[illegible] it is programmed to [illegible] “I don’t know [illegible] 


[illegible] maintains that no record is kept of any unrelated messages sent by innocent customers 
of the same Internet provider. The FBI has used the system 16 times so far this year, in six 
criminal cases and 10 national-security investigations. 

Critics complain that, since the government refuses to disclose the blueprints for how its software 
works, there is little assurance that the [illegible] snooping isn’t broader. The American Civil 
Liberties Union’s associate director, Barry Steinhardt, testified that the system is “roughly the 
equivalent to a wiretap capable of accessing the contents of the conversations of all of the phone 
company’s customers with the assurance that the FBI will record only conversations of the specific 
target.” 

The panel discussed opening Carnivore’s blueprints for review, which the FBI adamantly opposes. 
Even then, said Rep. Jerrold Nadler (D., N.Y.), civilian experts could be guaranteed only that they 
were looking at the current version of Carnivore, which is continually being upgraded and 
modified. “It could change at any time. You can’t trust a police agency forever,” he said. 

[illegible] will allow computer hackers [illegible] ways to defeat the system, and he [illegible] 
said. “When is enough enough?” 

Federal law enforcement agents say they have used the controversial Carnivore software program 
to track e-mail of suspects 25 times in the past two years. 

But agents have never used the program illegally or tracked e-mail they were not authorised to 
track by a court order, FBI Assistant Director Donald Kerr told the House Judiciary subcommittee 
on the Constitution yesterday. 

Despite the restraint the FBI says it has used, privacy rights advocates criticized law enforcement 
[illegible] using Carnivore and [illegible] use [illegible] tool. 

[illegible] Leader Dick [illegible] Republican, said [illegible] should be [illegible] concerns of 
pri- [illegible] and needs of law [illegible] reconciled. [illegible] are ad- [illegible] 

[illegible] crucial to help [illegible] crimes that we [illegible] 

[illegible] to appear on [illegible] Assistant At- [illegible] 


But lawmakers expressed concern about a lack of checks and balances on law enforcement agents 
using Carnivore. 

“The potential for abuse here is enormous,” said Rep. Spencer Bachus, Alabama Republican. 

FBI General Counsel Larry Parkinson said Carnivore is a little-used tool. When it is used, Mr. Kerr 
said, agents follow the law carefully, and if they are caught collecting more data than allowed, they 
can be imprisoned up to five years for committing a federal felony. 

“In the past, we’ve had many agencies go beyond the scope of their authority,” said Rep. John 
Conyers Jr., Michigan Democrat. 

Mr. Kerr said the FBI and Department of Justice will seek an independent review of Carnivore 
this [illegible] to show they aren’t misusing the program. 

Lawmakers and privacy rights [illegible] also criticized federal officials for using Carnivore when 
Internet service providers could just as easily collect information being sought. 

“[illegible] ought to be more control in the hands of the [Internet service providers],” said Alan 
Davidson, a lawyer with the District-based civil liberties group Center for Democracy and 
Technology. 

Mr. Kerr argued that few of the nation’s estimated 10,000 Internet service providers have the means 
to sift through e-mail traffic and collect them for law enforcement. 

But Robert Corn-Revere, an attorney who represented Atlanta-[illegible] Internet service provider 
Earthlink, said EarthLink was [illegible] e-mail information at the federal government’s request 
earlier [illegible] to comply [illegible] court order and let federal officials install Carnivore on its 
computers. 

The federal government was upset that Earthlink was capturing [illegible] messages, Mr. 
[illegible] 


American Civil Liberties Union Associate Director Barry Steinhardt suggested Carnivore’s source 
code be made public. The source code is the set of instructions a programmer writes, and it will 
show just what Carnivore is [illegible] The ACLU has filed [illegible] Act request with the FBI to 
[illegible] source code. 

Even though they had a raft of questions about Carnivore and its use, lawmakers yesterday didn’t 
express any willingness to make immediate changes to the federal government’s authority to use 
the surveillance program. 

“We should be sensitive to any potential for abuse of the Carnivore system. Even a system 
designed with the best of intentions to legally carry out essential law enforcement functions may 
be a cause for concern if its use is not [illegible] monitored,” said Rep. 



OPCA-20 (12-3-96) 

FEDERAL BUREAU OF INVESTIGATION 
FOIPA 
DELETED PAGE INFORMATION SHEET 

____ Page(s) withheld entirely at this location in the file. One or more of the following 
statements, where indicated, explain this deletion. 

□ Deletions were made pursuant to the exemptions indicated below with no segregable material 
available for release to you. 

Section 552: □ (b)(1) □ (b)(2) □ (b)(3) □ (b)(4) □ (b)(5) □ (b)(6) □ (b)(7)(A) □ (b)(7)(B) 
□ (b)(7)(C) □ (b)(7)(D) □ (b)(7)(E) □ (b)(7)(F) □ (b)(8) □ (b)(9) 

Section 552a: □ (d)(5) □ (j)(2) □ (k)(1) □ (k)(2) □ (k)(3) □ (k)(4) □ (k)(5) □ (k)(6) □ (k)(7) 

□ Information pertained only to a third party with no reference to the subject of your request or 
the subject of your request is listed in the title only. 

□ Documents originated with another Government agency(ies). These documents were referred to 
that agency(ies) for review and direct response to you. 

____ Pages contain information furnished by another Government agency(ies). You will be advised 
by the FBI as to the releasability of this information following our consultation with the other 
agency(ies). 

____ Page(s) withheld inasmuch as a final release determination has not been made. You will be 
advised as to the disposition at a later date. 

____ Pages were not considered for release as they are duplicative of [illegible] 

____ Page(s) withheld for the following reason(s): [illegible] 

□ The following number is to be used for reference regarding these pages: [illegible] 

X Deleted Page(s) X 
X No Duplication Fee X 
X for this page X 



AMERICAN CIVIL LIBERTIES UNION 

National Headquarters, 125 Broad Street, New York, NY 10004-2400 
[illegible] 549-2500 Fax [illegible] 

July 26, 2000 

John Kelso Jr. 
Federal Bureau of Investigation 
Chief, FOI/PA Section, Rm. 6296 JEH 
Washington, D.C. 20535-0001 

Office of Public Affairs 
United States Department of Justice 
Room 1128 
950 Pennsylvania Avenue NW 
Washington DC 20530-0001 

Attention: 

We are writing pursuant to the Freedom of Information Act (5 U.S.C. § 552) to request 
expedited handling of our July 14, 2000 request for all agency records ([illegible] notes, 
[illegible] memoranda, email, computer [illegible] technical manuals, technical specifications, or 
any other materials) held by the Federal Bureau of Investigation (FBI) regarding the following: 

1. The computer system, software or device known as "Carnivore", which has been 
or is currently used by the FBI in connection with trap and trace and pen register 
orders served on Internet Service Providers or in connection with orders for the 
interception of the content of electronic communications served on Internet 
Service Providers; 

2. The computer system, software or device known as "Omnivore", which has been 
or is currently used by the FBI in connection with trap and trace and pen register 
orders served on Internet Service Providers or in connection with orders for the 
interception of the content of electronic communications served on Internet 
Service Providers, and 

3. The computer system, software or device known as "EtherPeek", which has been 
or is currently used by the FBI in connection with trap and trace and pen register 
orders served on Internet Service Providers or in connection with orders for the 
interception of the content of electronic communications served on Internet 
Service Providers. 

We seek expedited review of this FOIA request because this information relates to 
impending policy decisions to which informed members of the public might contribute. 
Access to these materials is necessary to fully inform the public about the issues surrounding 
communications interception and related technological developments. 

Specifically, we request expedited access pursuant to 28 C.F.R. 16.5(d)(1)(ii), which allows such 
processing based on an “urgency to inform the public about an actual or alleged Government 
activity, if made by a person primarily engaged in disseminating information.” As [illegible] 
government’s use of Carnivore is a matter [illegible] to protect [illegible] has been so strong that 
Congress has [illegible] at least one hearing on the subject. (See Oversight Hearing [illegible] 
“[illegible] Amendment Issues Raised by the FBI’s ‘Carnivore’ Program,” 106th Cong. (2000).) 
[illegible] Congressional hearings and slew of press [illegible] “[illegible] Oppose FBI Scrutiny 
Of E-Mail,” Washington Post, July 21, 2000 at A1; [illegible] Hopper, “[illegible] Eating Away at 
Privacy?” Associated Press, July 12, 2000; “Eyeing High-Tech Private Eyes,” ABCNews.com, 
July 14, 2000; “FBI says Carnivore will not devour privacy,” CNN.com, July 21, 2000; 
[illegible] Mail ‘Carnivore’,” PC World.com [illegible] 

Moreover, the American Civil Liberties Foundation (ACLU Foundation) meets the [illegible] 
National Security Archive v. Department of Defense, where a representative of the news media is 
defined as an entity that "gathers information of potential interest to a segment of the public" and 
"uses its editorial skills to turn raw [illegible] and distributes that work to an [illegible] The 
ACLU Foundation publishes newsletters, [illegible] press releases, news briefings, [illegible] and 
other materials that are disseminated to the public. Its material is widely [illegible] 
not-for-profit groups, [illegible] www.aclu.org as well. Thus the organization meets the pertinent 
regulatory requirements for expedited access. 

In addition we request expedited access pursuant to 28 C.F.R. 16.5(d)(1)(iv), which allows such 
access for a “matter of widespread and exceptional media interest in which there exist possible 
questions about the government’s integrity which affect public confidence.” Again, the recent 
Congressional hearings as well as the storm of [illegible] coverage about Carnivore and related 
computer programs [illegible] “widespread and exceptional media interest” in this issue. 
Moreover [illegible] 

We have enclosed certification (for the purposes of expedited access) with this letter. 
[illegible] your reply within ten calendar days, as required under 28 C.F.R. 16.5(d)(4). 

Thank you for your assistance. 

Sincerely, 

Barry Steinhardt, Esq. 
On behalf of the ACLU Foundation 
CERTIFICATION 

To whom it may concern: 

[illegible] following [illegible] true and correct to the best of my knowledge and belief: 

1. The American Civil Liberties Foundation (ACLU Foundation) meets [illegible] criterion laid 
out [illegible] National Security Archive v. Department of Defense, [illegible] news media is 
defined as an [illegible] 880 F.2d at 1387. [illegible] ACLU Foundation publishes [illegible] 
news briefings, [illegible] handbooks, and other materials that [illegible] students and faculty for 
no cost or for a nominal fee through its public education department. The ACLU Foundation 
disseminates information through publications available on-line at www.aclu.org as well. 

The disclosure of information regarding the following computer systems is in the [illegible] 
interest: 

The computer system, software or device known as "Carnivore", which has been or is currently 
used by the FBI in connection with trap and trace and pen register orders served on Internet 
Service Providers or in connection with orders for the interception of the content of electronic 
communications served on Internet Service Providers; 

The computer system, software or device known as "Omnivore", which has been or is currently 
used by the FBI in connection with trap and trace and pen register orders served on Internet 
Service Providers or in connection with orders for the interception of the content of electronic 
communications served on Internet Service Providers; 

The computer system, software or device known as "EtherPeek", which has been or is currently 
used by the FBI in connection with trap and trace and pen register orders served on Internet 
Service Providers or in connection with orders for the interception of the content of electronic 
communications served on Internet Service Providers. 

Records regarding Carnivore, Omnivore and EtherPeek are likely to contribute significantly to the 
public understanding of the activities of the government. The ACLU Foundation is a nonprofit 
501(c)(3) research and education organization working to increase citizen participation in 
governance issues. The ACLU Foundation is making this request specifically for the public’s 
enhanced understanding of lawfully authorized wiretapping, its relationship to constitutional 
guarantees of privacy as well as an [illegible] World Wide Web. [illegible] 

[illegible] “widespread and exceptional media interest” which [illegible] Carnivore [illegible] 
grown to such an extent that Congress has [illegible] at least one hearing on this subject. (See 
Oversight Hearing [illegible] ‘Carnivore’ Program, [illegible] (2000).) The tremendous amount of 
media coverage about Carnivore and related computer programs also provides strong evidence of 
the “widespread and exceptional media interest” in this issue. (See, e.g., [illegible] Washington 
Post, July 21, 2000 at A1; D. Ian Hopper, “[illegible] Away at Privacy,” Associated Press, July 
12, 2000; “Eyeing High-Tech Private Eyes,” ABCNews.com, July 14, 2000; “FBI says Carnivore 
will not devour privacy,” CNN.com, July 21, 2000; Margaret Johnston, “[illegible] FBI Demos 
E-Mail ‘Carnivore’,” PC World.com, July [illegible], 2000.) In addition, the requested material 
may provide answers to serious questions regarding the government’s willingness to protect 
individual privacy and civil liberties. 

Barry Steinhardt, Esq. 
On behalf of the ACLU Foundation 

July 26, 2000 
Diagnostic Tool 

[illegible] Statement for the [illegible] 

[illegible] communications to plan and execute their criminal activities [illegible] 

[illegible] subject to being discredited or impeached [illegible] 

[illegible] factual issues based upon a [illegible] 

[illegible] Department of Justice [illegible] court judge [illegible] interception of communications 
is limited to certain specified federal felony offenses. 

[illegible] probable cause and state with [illegible] facility or place from which the subject’s 
communications [illegible] intercepted, a description of the types of conversations to be 
intercepted and the [illegible] 

[illegible] focus on [illegible] evidence - not [illegible] electronic surveillance [illegible] 

[illegible] regarding the subject or facility [illegible] interceptions must terminate [illegible] 

[illegible] permitted, if justified, for up to a period of 30 days. 

[illegible] for electronic surveillance as the evidence cannot be obtained [illegible] other 
traditional investigative techniques. 

[illegible] investigations [illegible] communicate with [illegible] other or to [illegible] 

Carnivore [illegible] provides the FBI with a “surgical” ability to intercept and collect the 
Stop Carnivore 

July 27, 2000 

[illegible] of Congress sent the following letter to Attorney General Janet Reno asking her to 
suspend operation of the Carnivore Internet [illegible] system until the serious privacy issues 
involved have been addressed. 

Congress of the United States 
Washington, DC 20515 
July 27, 2000 

The Honorable Janet Reno, Attorney General 
US Department of Justice 
950 Pennsylvania Avenue, NW 
Washington, DC 20530-0001 

Dear Attorney General Reno, 

[illegible] enforcement are essential priorities, Carnivore has raised serious Fourth Amendment 
[illegible] government be trusted [illegible] this kind of personal [illegible] 

[illegible] confidence [illegible] security of the Internet are essential for [illegible] is not 
reading their [illegible] no matter how [illegible] Carnivore could have on consumer confidence 
[illegible] 

[illegible] any activity involving the development or use of Carnivore until the serious privacy 
issues involved have been satisfactorily answered. 

Sincerely, 

http://freedom.house.gov/library/technology/camletter.asp 
Dick Armey 
Kevin Brady 
Jack Metcalf 
Charlie Norwood 
Nancy Johnson 
Richard Pombo 
Sonny Callahan 
Tom Coburn 
Charles H. Taylor 
Dan Miller 

Additional supporters: 
Cynthia McKinney 
Ron Paul 
Doc Hastings 



Tom DeLay 
John Thune 
Brian Bilbray 
Bob Barr 
Jim McCrery 
John McHugh 
Jim Kolbe 
Richard Baker 
Mac Thornberry 
J.C. Watts 
Larry Combest 
Julia Carson 
Bill Archer 
Terry Everett 
Tom Campbell 
Donald A. Manzullo 
Zach Wamp 
Jim Gibbons 
Bob Goodlatte 

